Iphone_os - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Iphone_os
(Apple)

Repositories	• https://github.com/madler/zlib • https://github.com/file/file • https://github.com/WebKit/webkit • https://github.com/vadz/libtiff
#Vulnerabilities	3247

Date	Id	Summary	Products	Score	Patch	Annotated
2024-01-23	CVE-2024-23218	A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.	Ipados, Iphone_os, Macos, Tvos, Watchos	5.9
2024-01-23	CVE-2024-23222	A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.	Ipados, Iphone_os, Macos, Safari, Tvos, Visionos	8.8
2024-01-23	CVE-2024-23206	An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user.	Ipados, Iphone_os, Macos, Safari, Tvos, Watchos	6.5
2024-01-23	CVE-2024-23211	A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings.	Ipados, Iphone_os, Macos, Safari, Watchos	3.3
2024-01-23	CVE-2024-23213	The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution.	Ipados, Iphone_os, Macos, Safari, Tvos, Watchos	8.8
2023-09-12	CVE-2023-41990	The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.	Ipados, Iphone_os, Macos, Tvos, Watchos	7.8
2023-10-25	CVE-2023-42852	A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.	Ipados, Iphone_os, Macos, Safari, Tvos, Watchos, Debian_linux, Fedora	8.8
2023-09-28	CVE-2023-5217	Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	Ipad_os, Iphone_os, Debian_linux, Fedora, Edge, Edge_chromium, Firefox, Firefox_esr, Firefox_focus, Thunderbird, Libvpx	8.8
2008-09-11	CVE-2008-3612	The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.	Iphone_os	9.8
2009-06-10	CVE-2009-1699	The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."	Iphone_os, Safari, Ubuntu_linux, Opensuse	7.5