Apple iPhone OS 9.2 Security Vulnerabilities
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported that HTTP proxies received credentials securely. This issue was addressed through improved warnings.
CVSS Score: 5.9 | EPSS Score: 0.004 | Published: 2019-01-11
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2019-01-11
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2019-01-11
In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2019-01-11
In iOS before 11.2, a type confusion issue was addressed with improved memory handling.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2019-01-11
In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2019-01-11
In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates.
CVSS Score: 5.9 | EPSS Score: 0.003 | Published: 2019-01-11
In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2019-01-11
Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score: 5.9 | EPSS Score: 0.001 | Published: 2018-11-15
Bluetooth firmware or operating system software drivers in macOS versions before 10.13 High Sierra, iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
CVSS Score: 8.0 | EPSS Score: 0.008 | Published: 2018-08-07

