The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2018-4226 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the Security component. It allows local users to bypass intended restrictions on the reading of sensitive user information. | LOW | Jun 9, 2018 |
| CVE-2018-4225 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the Security component. It allows local users to bypass intended restrictions on Keychain state modifications. | LOW | Jun 9, 2018 |
| CVE-2018-4224 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the Security component. It allows local users to bypass intended restrictions on the reading of a persistent device identifier. | LOW | Jun 9, 2018 |
| CVE-2018-4223 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the Security component. It allows local users to bypass intended restrictions on the reading of a persistent account identifier. | LOW | Jun 9, 2018 |
| CVE-2018-4222 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation. | MEDIUM | Jun 19, 2018 |
| CVE-2018-4221 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the Security component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates. | MEDIUM | Jun 9, 2018 |
| CVE-2018-4220 | An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the Swift for Ubuntu component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are enabled during library loading. | HIGH | Jun 9, 2018 |
| CVE-2018-4219 | An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the ATS component. It allows attackers to gain privileges via a crafted app that leverages type confusion. | MEDIUM | Jun 9, 2018 |
| CVE-2018-4218 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free. | MEDIUM | Jun 19, 2018 |
| CVE-2018-4217 | In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing. | MEDIUM | Jan 11, 2019 |
| CVE-2018-4216 | A logic issue existed in the handling of call URLs. This issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1. | MEDIUM | Apr 4, 2019 |
| CVE-2018-4215 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the Bluetooth component. It allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted app. | MEDIUM | Jun 9, 2018 |
| CVE-2018-4214 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the WebKit component. It allows remote attackers to cause a denial of service (memory corruption and Safari crash) or possibly have unspecified other impact via a crafted web site. | MEDIUM | Jun 9, 2018 |
| CVE-2018-4213 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | MEDIUM | Jan 12, 2019 |
| CVE-2018-4212 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | MEDIUM | Jan 12, 2019 |
| CVE-2018-4211 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the FontParser component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. | MEDIUM | Jun 9, 2018 |
| CVE-2018-4210 | In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks. | MEDIUM | Jan 12, 2019 |
| CVE-2018-4209 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | MEDIUM | Jan 12, 2019 |
| CVE-2018-4208 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | MEDIUM | Jan 12, 2019 |
| CVE-2018-4207 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | MEDIUM | Jan 12, 2019 |
| CVE-2018-4206 | An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the Crash Reporter component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a privileged port name. | MEDIUM | Jun 9, 2018 |
| CVE-2018-4205 | An issue was discovered in certain Apple products. Safari before 11.1.1 is affected. The issue involves the Safari component. It allows remote attackers to spoof the address bar via a crafted web site. | MEDIUM | Jun 11, 2018 |
| CVE-2018-4204 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Jun 9, 2018 |
| CVE-2018-4203 | An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | MEDIUM | Apr 4, 2019 |
| CVE-2018-4202 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the iBooks component. It allows man-in-the-middle attackers to spoof a password prompt. | MEDIUM | Jun 9, 2018 |
| CVE-2018-4201 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Jun 9, 2018 |
| CVE-2018-4200 | An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free. | MEDIUM | Jun 9, 2018 |
| CVE-2018-4199 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site. | MEDIUM | Jun 19, 2018 |
| CVE-2018-4198 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the UIKit component. It allows remote attackers to cause a denial of service via a crafted text file. | MEDIUM | Jun 9, 2018 |
| CVE-2018-4197 | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | MEDIUM | Apr 4, 2019 |
| CVE-2018-4196 | An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the Accessibility Framework component. It allows attackers to execute arbitrary code in a privileged context or obtain sensitive information via a crafted app. | HIGH | Jun 9, 2018 |
| CVE-2018-4195 | An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 12. | MEDIUM | Apr 5, 2019 |
| CVE-2018-4194 | In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. | MEDIUM | Jan 14, 2019 |
| CVE-2018-4193 | An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the Windows Server component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | HIGH | Jun 9, 2018 |
| CVE-2018-4192 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition. | MEDIUM | Jun 9, 2018 |
| CVE-2018-4191 | A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | MEDIUM | Apr 4, 2019 |
| CVE-2018-4190 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the WebKit component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch. | MEDIUM | Jun 19, 2018 |
| CVE-2018-4189 | In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling. | HIGH | Jan 14, 2019 |
| CVE-2018-4188 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the WebKit component. It allows remote attackers to spoof the address bar via a crafted web site. | MEDIUM | Jun 9, 2018 |
| CVE-2018-4187 | An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the LinkPresentation component. It allows remote attackers to spoof the UI via a crafted URL in a text message. | MEDIUM | Jun 9, 2018 |
| CVE-2018-4186 | In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation. | MEDIUM | Jan 11, 2019 |
| CVE-2018-4185 | In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. | MEDIUM | Jan 14, 2019 |
| CVE-2018-4184 | An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the Speech component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access. | MEDIUM | Jun 9, 2018 |
| CVE-2018-4183 | In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions. | HIGH | Aug 14, 2018 |
| CVE-2018-4182 | In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. | HIGH | Aug 14, 2018 |
| CVE-2018-4181 | In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. | MEDIUM | Aug 14, 2018 |
| CVE-2018-4180 | In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. | MEDIUM | Aug 14, 2018 |
| CVE-2018-4179 | In macOS High Sierra before 10.13.4, there was an issue with the handling of smartcard PINs. This issue was addressed with additional logic. | LOW | Jan 11, 2019 |
| CVE-2018-4178 | A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4. | LOW | Apr 4, 2019 |
| CVE-2018-4176 | An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Disk Images component. It allows attackers to trigger an app launch upon mounting a crafted disk image. | MEDIUM | Apr 3, 2018 |
