2024

2023

2022

2021

2020

CVE-2020-9777 (v3: 5.3) 1 Apr 2020
An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video. This issue is fixed in iOS 13.4 and iPadOS 13.4. Cropped videos may not be shared properly via Mail.
CVE-2020-3839 (v3: 5.5) 27 Feb 2020
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.3. An application may be able to read restricted memory.
CVE-2020-3856 (v3: 7.8) 27 Feb 2020
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted string may lead to heap corruption.

2019

CVE-2019-6203 (v3: 9.8) 17 Apr 2020
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic.
CVE-2019-8502 (v3: 3.3) 18 Dec 2019
An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization.
CVE-2019-8503 (v3: 8.8) 18 Dec 2019
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website.
CVE-2019-8507 (v3: 5.5) 18 Dec 2019
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.4. Processing malicious data may lead to unexpected application termination.
CVE-2019-8516 (v3: 7.5) 18 Dec 2019
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service.
CVE-2019-8521 (v3: 5.5) 18 Dec 2019
This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to overwrite arbitrary files.
CVE-2019-8530 (v3: 5.5) 18 Dec 2019
This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. A malicious application may be able to overwrite arbitrary files.
CVE-2019-8549 (v3: 7.8) 18 Dec 2019
Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to execute arbitrary code with system privileges.
CVE-2019-8550 (v3: 4.3) 18 Dec 2019
An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.
CVE-2019-8561 (v3: 7.8) 18 Dec 2019
A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to elevate privileges.
CVE-2019-8577 (v3: 7.8) 18 Dec 2019
An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. An application may be able to gain elevated privileges.
CVE-2019-8589 (v3: 5.5) 18 Dec 2019
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.5. A malicious application may bypass Gatekeeper checks.
CVE-2019-8590 (v3: 7.8) 18 Dec 2019
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with kernel privileges.
CVE-2019-8598 (v3: 5.5) 18 Dec 2019
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to read restricted memory.
CVE-2019-8617 (v3: 9.6) 18 Dec 2019
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.3. A sandboxed process may be able to circumvent sandbox restrictions.
CVE-2019-8626 (v3: 6.5) 18 Dec 2019
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service.
CVE-2019-8637 (v3: 7.8) 18 Dec 2019
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to gain root privileges.
CVE-2019-8654 (v3: 6.5) 18 Dec 2019
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.1. Visiting a malicious website may lead to user interface spoofing.
CVE-2019-8659 (v3: 7.5) 18 Dec 2019
This issue was addressed with improved checks. This issue is fixed in watchOS 5.3. Users removed from an iMessage conversation may still be able to alter state.
CVE-2019-8665 (v3: 7.5) 18 Dec 2019
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, watchOS 5.3. A remote attacker may cause an unexpected application termination.
CVE-2019-8667 (v3: 5.3) 18 Dec 2019
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6. The encryption status of a Time Machine backup may be incorrect.
CVE-2019-8670 (v3: 4.3) 18 Dec 2019
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing.
CVE-2019-8691 (v3: 5.5) 18 Dec 2019
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.
CVE-2019-8698 (v3: 3.3) 18 Dec 2019
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in iOS 12.4, tvOS 12.4. A malicious application may be able to restrict access to websites.
CVE-2019-8699 (v3: 7.5) 18 Dec 2019
A logic issue existed in the handling of answering phone calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4. The initiator of a phone call may be able to cause the recipient to answer a simultaneous Walkie-Talkie connection.
CVE-2019-8721 (v3: 8.8) 18 Dec 2019
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.
CVE-2019-8722 (v3: 8.8) 18 Dec 2019
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.
CVE-2019-8723 (v3: 8.8) 18 Dec 2019
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.
CVE-2019-8724 (v3: 8.8) 18 Dec 2019
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.
CVE-2019-8727 (v3: 4.3) 18 Dec 2019
A logic issue was addressed with improved state management. This issue is fixed in iOS 13. Visiting a malicious website may lead to address bar spoofing.
CVE-2019-7284 (v3: 4.3) 18 Dec 2019
This issue was addressed with improved checks. This issue is fixed in iOS 12.2. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing.
CVE-2019-7289 (v3: 5.5) 18 Dec 2019
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view senstive user information.
CVE-2019-7292 (v3: 6.5) 18 Dec 2019
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory.
CVE-2019-8788 (v3: 7.5) 18 Dec 2019
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Improper URL processing may lead to data exfiltration.
CVE-2019-8793 (v3: 5.5) 18 Dec 2019
A consistency issue existed in deciding when to show the screen recording indicator. The issue was resolved with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2. A local user may be able to record the screen without a visible screen recording indicator.
CVE-2019-8794 (v3: 5.5) 18 Dec 2019
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to read restricted memory.
CVE-2019-8802 (v3: 7.8) 18 Dec 2019
A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15.1. A malicious application may be able to gain root privileges.
CVE-2019-8805 (v3: 7.8) 18 Dec 2019
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Catalina 10.15.1. An application may be able to execute arbitrary code with system privileges.
CVE-2019-8817 (v3: 5.5) 18 Dec 2019
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.1. An application may be able to read restricted memory.
CVE-2019-6219 (v3: 7.5) 5 Mar 2019
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service.

2018

CVE-2018-4293 (v3: 5.3) 3 Apr 2019
A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
CVE-2018-4295 (v3: 9.8) 3 Apr 2019
An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.
CVE-2018-4303 (v3: 7.8) 3 Apr 2019
An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14, iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVE-2018-4304 (v3: 5) 3 Apr 2019
A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
CVE-2018-4305 (v3: 6.5) 3 Apr 2019
An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.
CVE-2018-4307 (v3: 4.3) 3 Apr 2019
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12.
CVE-2018-4313 (v3: 5.5) 3 Apr 2019
A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.
CVE-2018-4321 (v3: 5.3) 3 Apr 2019
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12.
CVE-2018-4322 (v3: 3.3) 3 Apr 2019
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.
CVE-2018-4333 (v3: 5.5) 3 Apr 2019
A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
CVE-2018-4335 (v3: 5.5) 3 Apr 2019
A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12.
CVE-2018-4338 (v3: 5.5) 3 Apr 2019
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
CVE-2018-4342 (v3: 5.5) 3 Apr 2019
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1.
CVE-2018-4346 (v3: 5.5) 3 Apr 2019
A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14.
CVE-2018-4348 (v3: 5.5) 3 Apr 2019
A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14.
CVE-2018-4353 (v3: 9.8) 3 Apr 2019
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.
CVE-2018-4362 (v3: 6.5) 3 Apr 2019
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12.
CVE-2018-4363 (v3: 5.5) 3 Apr 2019
An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.
CVE-2018-4368 (v3: 6.5) 3 Apr 2019
A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
CVE-2018-4369 (v3: 7.5) 3 Apr 2019
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
CVE-2018-4385 (v3: 6.5) 3 Apr 2019
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.
CVE-2018-4389 (v3: 6.5) 3 Apr 2019
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1.
CVE-2018-4395 (v3: 5.5) 3 Apr 2019
This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
CVE-2018-4396 (v3: 5.5) 3 Apr 2019
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
CVE-2018-4398 (v3: 7.5) 3 Apr 2019
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8.
CVE-2018-4399 (v3: 5.5) 3 Apr 2019
An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
CVE-2018-4400 (v3: 5.5) 3 Apr 2019
A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1.
CVE-2018-4406 (v3: 6.5) 3 Apr 2019
A denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.
CVE-2018-4417 (v3: 5.5) 3 Apr 2019
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
CVE-2018-4418 (v3: 5.5) 3 Apr 2019
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
CVE-2018-4423 (v3: 7.8) 3 Apr 2019
A logic issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.1.
CVE-2018-4429 (v3: 6.5) 3 Apr 2019
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2.
CVE-2018-4435 (v3: 7.8) 3 Apr 2019
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVE-2018-4439 (v3: 6.5) 3 Apr 2019
A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
CVE-2018-4440 (v3: 4.3) 3 Apr 2019
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
CVE-2018-4446 (v3: 3.3) 3 Apr 2019
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.1.1.
CVE-2018-4460 (v3: 6.5) 3 Apr 2019
A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVE-2018-4462 (v3: 5.5) 3 Apr 2019
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2.
CVE-2018-4195 (v3: 6.5) 3 Apr 2019
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 12.
CVE-2018-4260 (v3: 6.5) 3 Apr 2019
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.
CVE-2018-4274 (v3: 7.5) 3 Apr 2019
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.
CVE-2018-4279 (v3: 5.3) 3 Apr 2019
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2.
CVE-2018-4207 (v3: 8.8) 11 Jan 2019
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
CVE-2018-4208 (v3: 8.8) 11 Jan 2019
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
CVE-2018-4209 (v3: 8.8) 11 Jan 2019
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
CVE-2018-4213 (v3: 8.8) 11 Jan 2019
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
CVE-2018-4254 (v3: 9.8) 11 Jan 2019
In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation.
CVE-2018-4277 (v3: 7.5) 11 Jan 2019
In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
CVE-2018-4187 (v3: 6.5) 8 Jun 2018
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message.
CVE-2018-4188 (v3: 6.5) 8 Jun 2018
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site.

2017

CVE-2017-13911 (v3: 7.8) 3 Apr 2019
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS X El Capitan 10.11.6 Security Update 2018-002, macOS Sierra 10.12.6 Security Update 2018-002, macOS High Sierra 10.13.2.
CVE-2017-13891 (v3: 6.5) 11 Jan 2019
In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management.
CVE-2017-7164 (v3: 5.9) 3 Apr 2018
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the "App Store" component. It allows man-in-the-middle attackers to spoof password prompts.
CVE-2017-7170 (v3: 7.8) 3 Apr 2018
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Security" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2017-13890 (v3: 7.4) 3 Apr 2018
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. macOS before 10.13 is affected. The issue involves the "CoreTypes" component. It allows remote attackers to trigger disk-image mounting via a crafted web site.
CVE-2017-7003 (v3: 5.5) 3 Apr 2018
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2017-18248 (v3: 5.3) 26 Mar 2018
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.
CVE-2017-7154 (v3: 6.6) 27 Dec 2017
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash).
CVE-2017-13848 (v3: 7.8) 25 Dec 2017
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2017-13858 (v3: 7.8) 25 Dec 2017
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2017-13789 (v3: 6.5) 13 Nov 2017
An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.
CVE-2017-13790 (v3: 6.5) 13 Nov 2017
An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.
CVE-2017-13804 (v3: 5.5) 13 Nov 2017
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "StreamingZip" component. It allows remote attackers to write to unintended pathnames via a crafted ZIP archive.
CVE-2017-13807 (v3: 7.8) 13 Nov 2017
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted QuickTime file.
CVE-2017-13809 (v3: 7.8) 13 Nov 2017
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "AppleScript" component. It allows remote attackers to execute arbitrary code via a crafted AppleScript file that is mishandled by osadecompile.
CVE-2017-13849 (v3: 5.5) 13 Nov 2017
An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted text file.
CVE-2017-7072 (v3: 5.5) 23 Oct 2017
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "iBooks" component. It allows remote attackers to cause a denial of service (persistent outage) via a crafted iBooks file.
CVE-2017-7074 (v3: 5.5) 23 Oct 2017
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "AppSandbox" component. It allows attackers to cause a denial of service via a crafted app.
CVE-2017-7083 (v3: 4.9) 23 Oct 2017
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "CFNetwork Proxies" component. It allows remote attackers to cause a denial of service.
CVE-2017-7085 (v3: 6.5) 23 Oct 2017
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar.
CVE-2017-7106 (v3: 6.5) 23 Oct 2017
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar.
CVE-2017-7118 (v3: 5.5) 23 Oct 2017
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (crash) via a crafted image.
CVE-2017-7119 (v3: 5.5) 23 Oct 2017
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVE-2017-7121 (v3: 9.8) 23 Oct 2017
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2017-7122 (v3: 9.8) 23 Oct 2017
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2017-7123 (v3: 9.8) 23 Oct 2017
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2017-7124 (v3: 9.8) 23 Oct 2017
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2017-7125 (v3: 9.8) 23 Oct 2017
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2017-7126 (v3: 9.8) 23 Oct 2017
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2017-7045 (v3: 5.5) 20 Jul 2017
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVE-2017-7060 (v3: 6.5) 20 Jul 2017
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "Safari Printing" component. It allows remote attackers to cause a denial of service (excessive print dialogs) via a crafted web site.
CVE-2017-2517 (v3: 6.5) 20 Jul 2017
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.
CVE-2017-7011 (v3: 6.5) 20 Jul 2017
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements.
CVE-2017-2495 (v3: 6.5) 22 May 2017
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (application crash) via a crafted web site that improperly interacts with the history menu.
CVE-2017-2500 (v3: 4.7) 22 May 2017
An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.
CVE-2017-2511 (v3: 6.5) 22 May 2017
An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.
CVE-2017-2540 (v3: 5.5) 22 May 2017
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVE-2017-2378 (v3: 8.8) 2 Apr 2017
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions.
CVE-2017-2410 (v3: 7.8) 2 Apr 2017
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2017-2414 (v3: 5.3) 2 Apr 2017
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "DataAccess" component. It allows remote attackers to access Exchange traffic in opportunistic circumstances by leveraging a mistake in typing an e-mail address.
CVE-2017-2434 (v3: 9.8) 2 Apr 2017
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center.
CVE-2017-2442 (v3: 6.5) 2 Apr 2017
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
CVE-2017-2453 (v3: 6.5) 2 Apr 2017
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof FaceTime prompts in the user interface via a crafted web site.
CVE-2017-2479 (v3: 6.5) 2 Apr 2017
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
CVE-2017-6974 (v3: 5.5) 2 Apr 2017
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk location via a crafted app.
CVE-2017-2371 (v3: 6.5) 20 Feb 2017
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site.
CVE-2017-2351 (v3: 2.4) 20 Feb 2017
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WiFi" component, which allows physically proximate attackers to bypass the activation-lock protection mechanism and view the home screen via unspecified vectors.
CVE-2017-2368 (v3: 5.5) 20 Feb 2017
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "Contacts" component. It allows remote attackers to cause a denial of service (application crash) via a crafted contact card.

2016

CVE-2016-10222 (v3: 7.5) 3 Apr 2017
runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function.
CVE-2016-7580 (v3: 6.5) 20 Feb 2017
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL.
CVE-2016-7581 (v3: 4.3) 20 Feb 2017
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Safari" component, which allows remote web servers to cause a denial of service via a crafted URL.
CVE-2016-7636 (v3: 5.9) 20 Feb 2017
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows man-in-the-middle attackers to cause a denial of service (application crash) via vectors related to OCSP responder URLs.
CVE-2016-7657 (v3: 3.3) 20 Feb 2017
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
CVE-2016-7665 (v3: 5.5) 20 Feb 2017
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Graphics Driver" component, which allows remote attackers to cause a denial of service via a crafted video.
CVE-2016-7667 (v3: 7.5) 20 Feb 2017
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service via a crafted string.
CVE-2016-4661 (v3: 5.5) 20 Feb 2017
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ntfs" component, which misparses disk images and allows attackers to cause a denial of service via a crafted app.
CVE-2016-4669 (v3: 7.8) 20 Feb 2017
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.
CVE-2016-4690 (v3: 6.8) 20 Feb 2017
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Image Capture" component, which allows attackers to execute arbitrary code via a crafted USB HID device.
CVE-2016-7742 (v3: 7.8) 20 Feb 2017
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "xar" component, which allows remote attackers to execute arbitrary code via a crafted archive that triggers use of uninitialized memory locations.
CVE-2016-4698 (v3: 7.8) 25 Sept 2016
AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2016-4701 (v3: 6.2) 25 Sept 2016
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.
CVE-2016-4706 (v3: 5.5) 25 Sept 2016
cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors.
CVE-2016-4722 (v3: 5.9) 25 Sept 2016
The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors.
CVE-2016-4728 (v3: 8.8) 25 Sept 2016
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.
CVE-2016-4753 (v3: 7.8) 25 Sept 2016
Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2016-4641 (v3: 7.3) 22 Jul 2016
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion."
CVE-2016-4594 (v3: 7.8) 22 Jul 2016
The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.
CVE-2016-1843 (v3: 7.5) 20 May 2016
The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-1800 (v3: 8.8) 20 May 2016
Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
CVE-2016-1752 (v3: 5.5) 24 Mar 2016
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.
CVE-2016-1763 (v3: 3.5) 24 Mar 2016
Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.
CVE-2016-0801 (v3: 9.8) 7 Feb 2016
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.

2015

CVE-2015-7551 (v3: 8.4) 24 Mar 2016
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.
CVE-2015-7047 (v2: 7.2) 11 Dec 2015
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
CVE-2015-7072 (v2: 9.3) 11 Dec 2015
dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2015-7079 (v2: 9.3) 11 Dec 2015
dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2015-7093 (v2: 4.3) 11 Dec 2015
Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL in the user interface via a crafted web site.
CVE-2015-7094 (v2: 2.6) 11 Dec 2015
CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.
CVE-2015-7036 (v2: 7.5) 22 Nov 2015
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.
CVE-2015-6987 (v2: 2.1) 23 Oct 2015
The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder.
CVE-2015-7004 (v2: 7.1) 23 Oct 2015
The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app.
CVE-2015-5780 (v2: 10) 9 Oct 2015
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.
CVE-2015-5883 (v2: 5) 9 Oct 2015
The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence.
CVE-2015-5869 (v2: 3.3) 18 Sept 2015
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
CVE-2015-5879 (v2: 5) 18 Sept 2015
XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header.
CVE-2015-5764 (v2: 4.3) 18 Sept 2015
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767.
CVE-2015-5765 (v2: 4.3) 18 Sept 2015
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.
CVE-2015-5767 (v2: 4.3) 18 Sept 2015
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765.
CVE-2015-5820 (v2: 4.3) 18 Sept 2015
WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL.
CVE-2015-5837 (v2: 4.3) 18 Sept 2015
PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app.
CVE-2015-3802 (v2: 7.2) 17 Aug 2015
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.
CVE-2015-3803 (v2: 7.2) 17 Aug 2015
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file.
CVE-2015-3805 (v2: 7.2) 17 Aug 2015
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.
CVE-2015-3787 (v2: 3.3) 16 Aug 2015
The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets.
CVE-2015-3758 (v2: 4.3) 16 Aug 2015
UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL.
CVE-2015-3760 (v2: 7.2) 16 Aug 2015
dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.
CVE-2015-3774 (v2: 4.8) 16 Aug 2015
The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream.
CVE-2015-3726 (v2: 4.6) 3 Jul 2015
The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card.
CVE-2015-4148 (v2: 5) 9 Jun 2015
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.
CVE-2015-3415 (v2: 7.5) 24 Apr 2015
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
CVE-2015-1126 (v2: 4.3) 10 Apr 2015
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
CVE-2015-1131 (v2: 7.2) 10 Apr 2015
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
CVE-2015-1132 (v2: 10) 10 Apr 2015
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
CVE-2015-1133 (v2: 7.2) 10 Apr 2015
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135.
CVE-2015-1134 (v2: 7.2) 10 Apr 2015
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135.
CVE-2015-1135 (v2: 7.2) 10 Apr 2015
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134.
CVE-2015-1138 (v2: 4.9) 10 Apr 2015
Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors.
CVE-2015-1139 (v2: 6.8) 10 Apr 2015
ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file.
CVE-2015-1142 (v2: 2.1) 10 Apr 2015
LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data.
CVE-2015-1086 (v2: 6.9) 10 Apr 2015
The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2015-1088 (v2: 6.8) 10 Apr 2015
CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
CVE-2015-1102 (v2: 7.1) 10 Apr 2015
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
CVE-2015-1103 (v2: 7.5) 10 Apr 2015
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet.
CVE-2015-1104 (v2: 5) 10 Apr 2015
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.
CVE-2015-1105 (v2: 5) 10 Apr 2015
The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.