Topic

iOS

A collection of 29 issues

CVE-2022-32828 The issue was fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, and macOS Monterey 12.5.

This can result in sensitive information being exposed to the app and potentially exploited. An app may be able to read and write to files on the file system. This can result in a malicious app being able to access data or potentially execute arbitrary code with system privileges. This

CVE-2022-32826 Authorization issue was fixed in iOS 15.6, iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina.

This issue is fixed in iOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Face ID may not work with a face that is not registered to the device. This has been fixed in iOS 15.

CVE-2020-36521 Out-of-bounds read is fixed in iOS 14.0, iCloud for Windows 11.4, iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9.

This issue is fixed in iCloud for Windows 11.4, iOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. A buffer overflow issue was addressed with additional validation. An attacker could leverage this vulnerability to execute arbitrary code on

CVE-2022-32886 An overflow issue was fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7.

This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. An issue where system extensions could load malicious code was addressed through improved extension detection. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. An issue where

CVE-2022-32854 Checks were improved in iOS 15.7 and iPadOS 15.7, iOS 16, and macOS Big Sur 11.7.

This issue is fixed in iOS 17 and macOS 10.13.2. Apps can access location data even if the Privacy setting is set to “Never.” This issue is fixed in iOS 18 and macOS 10.14.2. An app can prevent another app from starting on launch. This issue

CVE-2022-37767 Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and execute arbitrary code.

help of a remote code execution vulnerability. In order to do so, an attacker needs to gain access to a Pebble smartwatch with the attacker-controlled application installed. Then, the attacker needs to find a specific unauthenticated remote code execution in the application that can be exploited to gain full control

CVE-2022-39176 Audio information can be found in the profile before 5.59 if the params_len check is not done.

CVE-2017-9079 BlueZ before 5.60 allows physically proximate attackers to obtain sensitive information via a crafted call because the dial command does not verify that a particular string is present in the caller ID. CVE-2017-9417 In BlueZ before 5.60, there is a NULL pointer dereference in function hci_msm_

CVE-2021-40326 Foxit PDF Reader before 11.1 and PDF Editor before 11.1 can mishandle hidden and incremental data in signed documents.

PhantomPDF, Foxit PDF Reader and Foxit PDF Editor are packed as a plugin for Firefox and Chrome. Foxit PDF Plugin before 11.1 and Foxit PDF Editor before 11.1 are vulnerable to an out-of-bounds write vulnerability. An attacker can write to an arbitrary file, and display controlled contents, during

CVE-2022-32893 An out-of-bounds write issue was fixed in iOS/iPadOS/MacOS Monterey/Safari 15.6.1. Malicious content may lead to arbitrary code execution.

The issue is addressed by installing the latest software updates. An out-of-bounds read issue was discovered in the caching of font assets. This issue may allow a remote attacker to exploit memory corruption and gain access to potentially sensitive information. Apple is aware of a report that this issue was

CVE-2022-1868 An attacker could bypass navigation restrictions in Google Chrome if they convinced a user to install a malicious extension.

If you have installed a malicious extension or have a compromised device, an attacker could potentially trick you into visiting a specifically crafted website, causing Chrome to try to navigate to an external site instead of the desired one. This issue was resolved in Google Chrome 102.0.5 prior