The Canadian Internet Registration Authority (CIRA) Canadian Shield iOS application versions 4.0.12 and below do not validate the SSL certificate it receives when connecting to the application server.
bf1cf19e84f8affc4de78a67a8f1e677
Apple Safari is susceptible to a remote code execution vulnerability via an undefined othersubr in Type 1 fonts handled by libType1Scaler.dylib on macOS and iOS.
46ada3aa4a5cf57b7f656c84696a56cc
Apple Security Advisory 2021-02-01-2 - iOS 14.4 and iPadOS 14.4 addresses buffer overflow, bypass, code execution, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
5a08bcdee83129425fd6c1eb6b2dd555
Apple Security Advisory 2021-01-26-1 - iOS 14.4 and iPadOS 14.4 address race condition and arbitrary code execution vulnerabilities.
9ea3bdc34259ca4f0ff33cda355065eb
Apple Security Advisory 2020-12-14-2 - iOS 12.5 addresses a code execution vulnerability.
fbf2576e6d5d22b3036b0586915e2dd4
Apple Security Advisory 2020-12-14-1 - iOS 14.3 and iPadOS 14.3 addresses code execution, information leakage, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
806dfdd340bfdb087b03de6805c37b4c
Super Backup version 2.0.5 for iOS suffers from a directory traversal vulnerability.
dcba32401441371be6040dab9d02f9ae
Apple Security Advisory 2020-11-13-3 - Updates for iOS 14.0 and iPadOS 14.0 address buffer overflow, code execution, cross site scripting, denial of service, information leakage, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.
f15d74568f4f6adf383e272deddb869b
Apple Security Advisory 2020-11-05-2 - iOS 12.4.9 is now available and addresses a code execution vulnerability.
e403bd4c30b82e389c6c41871b8a9527
Apple Security Advisory 2020-11-05-1 - iOS 14.2 and iPadOS 14.2 are now available and addresses code execution, integer overflow, out of bounds read, out of bounds write, path sanitization, and use-after-free vulnerabilities.
e316caeb924e1e7eb685c0783a056ddb
It appears that the corona virus Exposure Notifications API for iOS and Android may have a data leakage issue.
f3e9ce294b54d711be777bb3c9716ce7
Whitepaper called iOS Swift Anti-Jailbreak Bypass with Frida.
3faa4e36a848fdfbb9d0d8405de46e69
Apple Security Advisory 2020-09-16-1 - iOS 14.0 and iPadOS 14.0 are now available and address code execution, cross site scripting, out of bounds read, and out of bounds write vulnerabilities.
bf2d39afbca775367e4876e819239e81
This Metasploit module exploits a JIT optimization bug in Safari Webkit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit (CVE-2016-4669) that obtains kernel rw, obtains root and disables code signing. Finally we download and execute the meterpreter payload. This module has been tested against iOS 7.1.2 on an iPhone 4.
193bef4f6ec1463a50a80fcde4b59fa1
A PAC and JIT hardening bypass exists in WebKit on iOS.
a3ac179138a9ac48c78209344b6266c3
Mocha Telnet Lite for iOS version 4.2 denial of service proof of concept exploit.
07006fb34c3849a7f8b2583b33f722de
RTSP for iOS version 1.0 denial of service proof of concept exploit.
9deb3c878023b0b278fe006ec1c53422
iOS suffers from a Page Protection Layer (PPL) bypass due to incorrect argument verification in pmap_protect_options_internal() and pmap_remove_options_internal().
880d5a7841d44d213ff1f1ca340b8776
Apple Security Advisory 2020-07-15-1 - iOS 13.6 and iPadOS 13.6 are now available and address buffer overflow, bypass, code execution, cross site scripting, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
930c08146b91758658c332bba05db932
VIPRE Password Vault iOS application versions 1.100.1090 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates.
82d37852c91e2ee7b39bd7164fcdcea8
Apple iOS version 13.5.1 suffers from an issue where it is possible to circumvent the copy and paste restriction from the company profile to the private profile. Thus, it is possible to extract attachments that can be previewed ("Quick Look") in the native Mail client to any private app.
25b8c8457ca8a60d7a3cd815cbaafb53
iOS and macOS suffered from a wifi proximity kernel double-free vulnerability in AWDL BSS Steering.
cdd1c47241bd866a69b6c59cc0b23828
Apple Security Advisory 2020-06-01-1 - iOS 13.5.1 and iPadOS 13.5.1 are now available and address a code execution vulnerability.
345ba38728f3e0788398c087f24abe34
Apple Security Advisory 2020-05-26-1 - iOS 13.5 and iPadOS 13.5 address bypass, code execution, cross site scripting, denial of service, double free, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
3bf84c95f1052ea67704c2a2f7179ba0
Apple Security Advisory 2020-05-26-2 - iOS 12.4.7 addresses an out of bounds write vulnerability.
f5e16f5f58e9c69a6bb267396dc8a689