2024

2023

CVE-2023-35074 (v3: 8.8) 27 Sep 2023

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

2022

2021

2020

CVE-2020-9850 (v3: 9.8) 9 Jun 2020

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.

CVE-2020-9783 (v3: 8.8) 1 Apr 2020

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.

CVE-2020-9784 (v3: 4.3) 1 Apr 2020

A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings.

CVE-2020-3885 (v3: 4.3) 1 Apr 2020

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.

CVE-2020-3887 (v3: 4.3) 1 Apr 2020

CVE-2020-3894 (v3: 3.1) 1 Apr 2020

A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory.

CVE-2020-3895 (v3: 8.8) 1 Apr 2020

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2020-3897 (v3: 8.8) 1 Apr 2020

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.

CVE-2020-3899 (v3: 8.8) 1 Apr 2020

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.

CVE-2020-3900 (v3: 8.8) 1 Apr 2020

CVE-2020-3901 (v3: 8.8) 1 Apr 2020

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2020-3902 (v3: 6.1) 1 Apr 2020

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.

CVE-2020-3825 (v3: 8.8) 27 Feb 2020

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2020-3833 (v3: 4.3) 27 Feb 2020

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.5. Visiting a malicious website may lead to address bar spoofing.

CVE-2020-3841 (v3: 6.5) 27 Feb 2020

The issue was addressed with improved UI handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, Safari 13.0.5. A local user may unknowingly send a password unencrypted over the network.

CVE-2020-3862 (v3: 6.5) 27 Feb 2020

A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service.

CVE-2020-3865 (v3: 8.8) 27 Feb 2020

CVE-2020-3867 (v3: 6.1) 27 Feb 2020

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.

CVE-2020-3868 (v3: 8.8) 27 Feb 2020

2019

CVE-2019-6204 (v3: 6.1) 18 Dec 2019

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting.

CVE-2019-8503 (v3: 8.8) 18 Dec 2019

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website.

CVE-2019-6237 (v3: 8.8) 18 Dec 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-8505 (v3: 6.1) 18 Dec 2019

CVE-2019-8506 (v3: 8.8) 18 Dec 2019

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-8515 (v3: 6.5) 18 Dec 2019

A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information.

CVE-2019-8518 (v3: 8.8) 18 Dec 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-8523 (v3: 8.8) 18 Dec 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-8524 (v3: 8.8) 18 Dec 2019

CVE-2019-8535 (v3: 8.8) 18 Dec 2019

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-8536 (v3: 8.8) 18 Dec 2019

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-8544 (v3: 8.8) 18 Dec 2019

CVE-2019-8551 (v3: 6.1) 18 Dec 2019

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting.

CVE-2019-8556 (v3: 8.8) 18 Dec 2019

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-8558 (v3: 8.8) 18 Dec 2019

CVE-2019-8559 (v3: 8.8) 18 Dec 2019

CVE-2019-8562 (v3: 9.6) 18 Dec 2019

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows. A sandboxed process may be able to circumvent sandbox restrictions.

CVE-2019-8563 (v3: 8.8) 18 Dec 2019

CVE-2019-8571 (v3: 8.8) 18 Dec 2019

CVE-2019-8577 (v3: 7.8) 18 Dec 2019

An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. An application may be able to gain elevated privileges.

CVE-2019-8583 (v3: 8.8) 18 Dec 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-8584 (v3: 8.8) 18 Dec 2019

CVE-2019-8586 (v3: 8.8) 18 Dec 2019

CVE-2019-8587 (v3: 8.8) 18 Dec 2019

CVE-2019-8594 (v3: 8.8) 18 Dec 2019

CVE-2019-8595 (v3: 8.8) 18 Dec 2019

CVE-2019-8596 (v3: 8.8) 18 Dec 2019

CVE-2019-8597 (v3: 6.5) 18 Dec 2019

CVE-2019-8601 (v3: 8.8) 18 Dec 2019

CVE-2019-8602 (v3: 7.8) 18 Dec 2019

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to elevate privileges.

CVE-2019-8607 (v3: 6.5) 18 Dec 2019

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory.

CVE-2019-8608 (v3: 6.3) 18 Dec 2019

CVE-2019-8609 (v3: 8.8) 18 Dec 2019

CVE-2019-8610 (v3: 8.8) 18 Dec 2019

CVE-2019-8611 (v3: 8.8) 18 Dec 2019

CVE-2019-8615 (v3: 6.5) 18 Dec 2019

CVE-2019-8619 (v3: 8.8) 18 Dec 2019

CVE-2019-8622 (v3: 8.8) 18 Dec 2019

CVE-2019-8623 (v3: 8.8) 18 Dec 2019

CVE-2019-8628 (v3: 8.8) 18 Dec 2019

CVE-2019-8644 (v3: 8.8) 18 Dec 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-8649 (v3: 6.1) 18 Dec 2019

A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.

CVE-2019-8654 (v3: 6.5) 18 Dec 2019

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.1. Visiting a malicious website may lead to user interface spoofing.

CVE-2019-8658 (v3: 6.1) 18 Dec 2019

A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.

CVE-2019-8666 (v3: 8.8) 18 Dec 2019

CVE-2019-8669 (v3: 8.8) 18 Dec 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-8670 (v3: 4.3) 18 Dec 2019

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing.

CVE-2019-8671 (v3: 8.8) 18 Dec 2019

CVE-2019-8672 (v3: 8.8) 18 Dec 2019

CVE-2019-8673 (v3: 8.8) 18 Dec 2019

2018

CVE-2018-4299 (v3: 8.8) 3 Apr 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4306 (v3: 8.8) 3 Apr 2019

A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4307 (v3: 4.3) 3 Apr 2019

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12.

CVE-2018-4309 (v3: 6.1) 3 Apr 2019

A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4311 (v3: 8.1) 3 Apr 2019

The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4312 (v3: 8.8) 3 Apr 2019

A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4314 (v3: 8.8) 3 Apr 2019

A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4315 (v3: 8.8) 3 Apr 2019

A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4316 (v3: 8.8) 3 Apr 2019

A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4317 (v3: 8.8) 3 Apr 2019

A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4318 (v3: 8.8) 3 Apr 2019

A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4323 (v3: 8.8) 3 Apr 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4328 (v3: 8.8) 3 Apr 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4345 (v3: 6.1) 3 Apr 2019

CVE-2018-4358 (v3: 8.8) 3 Apr 2019

CVE-2018-4359 (v3: 8.8) 3 Apr 2019

CVE-2018-4360 (v3: 8.8) 3 Apr 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4361 (v3: 8.8) 3 Apr 2019

A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4362 (v3: 6.5) 3 Apr 2019

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12.

CVE-2018-4372 (v3: 8.8) 3 Apr 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

CVE-2018-4373 (v3: 8.8) 3 Apr 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

CVE-2018-4374 (v3: 6.1) 3 Apr 2019

A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

CVE-2018-4375 (v3: 8.8) 3 Apr 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

CVE-2018-4376 (v3: 8.8) 3 Apr 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

CVE-2018-4377 (v3: 6.1) 3 Apr 2019

A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

CVE-2018-4378 (v3: 8.8) 3 Apr 2019

A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

CVE-2018-4382 (v3: 8.8) 3 Apr 2019

CVE-2018-4386 (v3: 8.8) 3 Apr 2019

CVE-2018-4392 (v3: 8.8) 3 Apr 2019

CVE-2018-4409 (v3: 6.5) 3 Apr 2019

A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

CVE-2018-4416 (v3: 8.8) 3 Apr 2019

CVE-2018-4145 (v3: 8.8) 3 Apr 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.3, tvOS 11.3, watchOS 4.3, Safari 11.1, iTunes 12.7.4 for Windows, iCloud for Windows 7.4.

CVE-2018-4437 (v3: 8.8) 3 Apr 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

CVE-2018-4438 (v3: 8.8) 3 Apr 2019

A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

CVE-2018-4439 (v3: 6.5) 3 Apr 2019

A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

CVE-2018-4440 (v3: 4.3) 3 Apr 2019

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

CVE-2018-4441 (v3: 8.8) 3 Apr 2019

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

CVE-2018-4442 (v3: 8.8) 3 Apr 2019

CVE-2018-4443 (v3: 8.8) 3 Apr 2019

CVE-2018-4445 (v3: 4.3) 3 Apr 2019

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2.

CVE-2018-4464 (v3: 8.8) 3 Apr 2019

CVE-2018-4191 (v3: 8.8) 3 Apr 2019

A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4195 (v3: 6.5) 3 Apr 2019

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 12.

CVE-2018-4197 (v3: 8.8) 3 Apr 2019

A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4260 (v3: 6.5) 3 Apr 2019

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.

CVE-2018-4261 (v3: 8.8) 3 Apr 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

CVE-2018-4263 (v3: 8.8) 3 Apr 2019

CVE-2018-4264 (v3: 8.8) 3 Apr 2019

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

CVE-2018-4265 (v3: 8.8) 3 Apr 2019

CVE-2018-4266 (v3: 5.9) 3 Apr 2019

A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

2017

CVE-2017-7071 (v3: 8.8) 3 Apr 2018

An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-7153 (v3: 6.1) 3 Apr 2018

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect.

CVE-2017-7161 (v3: 8.8) 3 Apr 2018

An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.

CVE-2017-7165 (v3: 8.8) 3 Apr 2018

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-2492 (v3: 6.1) 3 Apr 2018

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling.

CVE-2017-2493 (v3: 6.5) 3 Apr 2018

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted elements on a web site.

CVE-2017-13884 (v3: 8.8) 3 Apr 2018

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-13885 (v3: 8.8) 3 Apr 2018

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-7005 (v3: 8.8) 3 Apr 2018

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-7156 (v3: 8.8) 27 Dec 2017

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-7157 (v3: 8.8) 27 Dec 2017

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-7160 (v3: 8.8) 27 Dec 2017

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-13856 (v3: 8.8) 25 Dec 2017

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-13866 (v3: 8.8) 25 Dec 2017

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-13870 (v3: 8.8) 25 Dec 2017

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-17821 (v3: 9.8) 21 Dec 2017

WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length.

CVE-2017-13783 (v3: 8.8) 13 Nov 2017

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-13784 (v3: 8.8) 13 Nov 2017

CVE-2017-13785 (v3: 8.8) 13 Nov 2017

CVE-2017-13788 (v3: 8.8) 13 Nov 2017

CVE-2017-13789 (v3: 6.5) 13 Nov 2017

An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.

CVE-2017-13790 (v3: 6.5) 13 Nov 2017

CVE-2017-13791 (v3: 8.8) 13 Nov 2017

CVE-2017-13792 (v3: 8.8) 13 Nov 2017

CVE-2017-13793 (v3: 8.8) 13 Nov 2017

CVE-2017-13794 (v3: 8.8) 13 Nov 2017

CVE-2017-13795 (v3: 8.8) 13 Nov 2017

CVE-2017-13796 (v3: 8.8) 13 Nov 2017

CVE-2017-13797 (v3: 8.8) 13 Nov 2017

CVE-2017-13798 (v3: 8.8) 13 Nov 2017

CVE-2017-13802 (v3: 8.8) 13 Nov 2017

CVE-2017-13803 (v3: 8.8) 13 Nov 2017

CVE-2017-7081 (v3: 8.8) 23 Oct 2017

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-7085 (v3: 6.5) 23 Oct 2017

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar.

CVE-2017-7087 (v3: 8.8) 23 Oct 2017

CVE-2017-7089 (v3: 6.1) 23 Oct 2017

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing.

CVE-2017-7090 (v3: 7.5) 23 Oct 2017

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme.

CVE-2017-7091 (v3: 8.8) 23 Oct 2017

CVE-2017-7092 (v3: 8.8) 23 Oct 2017

CVE-2017-7093 (v3: 8.8) 23 Oct 2017

CVE-2017-7094 (v3: 8.8) 23 Oct 2017

CVE-2017-7095 (v3: 8.8) 23 Oct 2017

CVE-2017-7096 (v3: 8.8) 23 Oct 2017

CVE-2017-7098 (v3: 8.8) 23 Oct 2017

CVE-2017-7099 (v3: 8.8) 23 Oct 2017

CVE-2017-7100 (v3: 8.8) 23 Oct 2017

CVE-2017-7102 (v3: 8.8) 23 Oct 2017

CVE-2017-7104 (v3: 8.8) 23 Oct 2017

CVE-2017-7106 (v3: 6.5) 23 Oct 2017

CVE-2017-7107 (v3: 8.8) 23 Oct 2017

2016

CVE-2016-4676 (v3: 7.5) 3 Feb 2020

A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information.

CVE-2016-10222 (v3: 7.5) 3 Apr 2017

runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function.

CVE-2016-10226 (v3: 7.5) 3 Apr 2017

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wasm/WasmB3IRGenerator.cpp.

CVE-2016-7578 (v3: 8.8) 20 Feb 2017

An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2016-4613 (v3: 6.5) 20 Feb 2017

An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site.

CVE-2016-4767 (v3: 8.8) 25 Sep 2016

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768.

CVE-2016-4768 (v3: 8.8) 25 Sep 2016

CVE-2016-4611 (v3: 8.8) 25 Sep 2016

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.

CVE-2016-4618 (v3: 6.1) 25 Sep 2016

Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."

CVE-2016-4728 (v3: 8.8) 25 Sep 2016

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.

CVE-2016-4729 (v3: 8.8) 25 Sep 2016

WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731.

CVE-2016-4730 (v3: 8.8) 25 Sep 2016

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.

CVE-2016-4731 (v3: 8.8) 25 Sep 2016

CVE-2016-4733 (v3: 7.8) 25 Sep 2016

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735.

CVE-2016-4734 (v3: 9.6) 25 Sep 2016

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735.

CVE-2016-4735 (v3: 8.8) 25 Sep 2016

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734.

CVE-2016-4737 (v3: 8.8) 25 Sep 2016

WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

CVE-2016-4758 (v3: 6.5) 25 Sep 2016

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.

CVE-2016-4759 (v3: 8.8) 25 Sep 2016

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.

CVE-2016-4762 (v3: 8.8) 25 Sep 2016

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

CVE-2016-4765 (v3: 8.8) 25 Sep 2016

CVE-2016-4766 (v3: 8.8) 25 Sep 2016

CVE-2016-4584 (v3: 8.8) 22 Jul 2016

The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

CVE-2016-4586 (v3: 8.8) 22 Jul 2016

WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

CVE-2016-4622 (v3: 8.8) 22 Jul 2016

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.

CVE-2016-4623 (v3: 8.8) 22 Jul 2016

CVE-2016-4624 (v3: 8.8) 22 Jul 2016

CVE-2016-1864 (v3: 4.3) 19 Jun 2016

The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.

CVE-2016-1849 (v3: 3.3) 20 May 2016

The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.

CVE-2016-1854 (v3: 8.8) 20 May 2016

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857.

CVE-2016-1855 (v3: 8.8) 20 May 2016

CVE-2016-1856 (v3: 8.8) 20 May 2016

CVE-2016-1857 (v3: 8.8) 20 May 2016

CVE-2016-1858 (v3: 6.5) 20 May 2016

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.

CVE-2016-1859 (v3: 8.8) 20 May 2016

The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

CVE-2016-1762 (v3: 8.1) 24 Mar 2016

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

CVE-2016-1772 (v3: 4.3) 24 Mar 2016

The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors.

CVE-2016-1779 (v3: 6.5) 24 Mar 2016

WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request.

CVE-2016-1782 (v3: 6.5) 24 Mar 2016

WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site.

CVE-2016-1783 (v3: 8.8) 24 Mar 2016

WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

CVE-2016-1784 (v3: 6.5) 24 Mar 2016

The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site.

CVE-2016-1785 (v3: 6.5) 24 Mar 2016

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

CVE-2016-1786 (v3: 5.4) 24 Mar 2016

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site.

CVE-2016-1723 (v3: 8.8) 1 Feb 2016

WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726.

CVE-2016-1724 (v3: 8.8) 1 Feb 2016

WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727.

CVE-2016-1725 (v3: 8.8) 1 Feb 2016

CVE-2016-1726 (v3: 8.8) 1 Feb 2016

CVE-2016-1727 (v3: 8.8) 1 Feb 2016

CVE-2016-1728 (v3: 4.3) 1 Feb 2016

The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site.

2015

CVE-2015-7103 (v2: 6.8) 11 Dec 2015

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7102.

CVE-2015-7093 (v2: 4.3) 11 Dec 2015

Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL in the user interface via a crafted web site.

CVE-2015-7100 (v2: 6.8) 11 Dec 2015

CVE-2015-7002 (v2: 6.8) 23 Oct 2015

WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.

CVE-2015-7011 (v2: 6.8) 23 Oct 2015

WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.

CVE-2015-7012 (v2: 6.8) 23 Oct 2015

CVE-2015-7014 (v2: 6.8) 23 Oct 2015

CVE-2015-5928 (v2: 6.8) 23 Oct 2015

CVE-2015-5929 (v2: 6.8) 23 Oct 2015

CVE-2015-5930 (v2: 6.8) 23 Oct 2015

CVE-2015-5931 (v2: 6.8) 23 Oct 2015

CVE-2015-5780 (v2: 10) 9 Oct 2015

The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.

CVE-2015-5764 (v2: 4.3) 18 Sep 2015

The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767.

CVE-2015-5767 (v2: 4.3) 18 Sep 2015

The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765.

CVE-2015-5793 (v2: 6.8) 18 Sep 2015

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

CVE-2015-5795 (v2: 6.8) 18 Sep 2015

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

CVE-2015-5796 (v2: 6.8) 18 Sep 2015

CVE-2015-5800 (v2: 6.8) 18 Sep 2015

CVE-2015-5805 (v2: 6.8) 18 Sep 2015

CVE-2015-5807 (v2: 6.8) 18 Sep 2015

CVE-2015-5808 (v2: 6.8) 18 Sep 2015

WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.

CVE-2015-5811 (v2: 6.8) 18 Sep 2015

CVE-2015-5812 (v2: 6.8) 18 Sep 2015

CVE-2015-5815 (v2: 6.8) 18 Sep 2015

CVE-2015-5817 (v2: 6.8) 18 Sep 2015

CVE-2015-5820 (v2: 4.3) 18 Sep 2015

WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL.

CVE-2015-5821 (v2: 6.8) 18 Sep 2015

CVE-2015-5822 (v2: 6.8) 18 Sep 2015

CVE-2015-5825 (v2: 4.3) 18 Sep 2015

WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code.

CVE-2015-5826 (v2: 4.3) 18 Sep 2015

WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

CVE-2015-5827 (v2: 5) 18 Sep 2015

WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event.

CVE-2015-3732 (v2: 6.8) 17 Aug 2015

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.

CVE-2015-3752 (v2: 5) 17 Aug 2015

The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request.

CVE-2015-3753 (v2: 5) 17 Aug 2015

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource.

CVE-2015-3754 (v2: 4.3) 17 Aug 2015

The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site.

CVE-2015-3660 (v2: 4.3) 3 Jul 2015

Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content.

CVE-2015-1127 (v2: 2.1) 10 Apr 2015

The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.

CVE-2015-1128 (v2: 5) 10 Apr 2015

The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests.

CVE-2015-1122 (v2: 6.8) 10 Apr 2015

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Key Capabilities

Threat Intelligence

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015