The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Apple iOS

computer vulnerability alert CVE-2018-5383

Bluetooth Firmware: information disclosure via Weak Elliptic Curve Parameters

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Weak Elliptic Curve Parameters of Bluetooth Firmware, in order to obtain sensitive information.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, Android OS, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: radio connection.
Creation date: 19/02/2019.
Identifiers: CERTFR-2019-AVI-188, CVE-2018-5383, DLA-1747-1, HT208848, HT208849, HT208937, HT209139, openSUSE-SU-2019:0275-1, SUSE-SU-2019:0422-1, SUSE-SU-2019:0427-1, SUSE-SU-2019:0427-2, SUSE-SU-2019:0466-1, VIGILANCE-VUL-28536.

Description of the vulnerability

An attacker can bypass access restrictions to data via Weak Elliptic Curve Parameters of Bluetooth Firmware, in order to obtain sensitive information.

computer vulnerability bulletin CVE-2018-4416 CVE-2018-4438 CVE-2018-4441

WebKitGTK+: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.
Impacted products: iOS by Apple, iPhone, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 23/01/2019.
Identifiers: bulletinjan2019, CVE-2018-4416, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464, HT209340, openSUSE-SU-2019:0081-1, openSUSE-SU-2019:0108-1, openSUSE-SU-2019:0308-1, SUSE-SU-2019:0146-1, SUSE-SU-2019:0497-1, VIGILANCE-VUL-28338.

Description of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.

vulnerability alert CVE-2018-4373 CVE-2018-4375 CVE-2018-4376

WebKitGTK+: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.
Impacted products: iOS by Apple, iPhone, openSUSE Leap.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 22/01/2019.
Identifiers: CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392, HT209192, openSUSE-SU-2019:0068-1, openSUSE-SU-2019:0081-1, VIGILANCE-VUL-28321.

Description of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.

computer vulnerability alert CVE-2017-2520

SQLite: buffer overflow via sqlite3_value_text

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via sqlite3_value_text() of SQLite, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, SQLite.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 14/01/2019.
Identifiers: 384, CVE-2017-2520, HT207797, HT207798, VIGILANCE-VUL-28256.

Description of the vulnerability

An attacker can trigger a buffer overflow via sqlite3_value_text() of SQLite, in order to trigger a denial of service, and possibly to run code.

computer vulnerability CVE-2017-2519

SQLite: memory corruption via Table Objects

Synthesis of the vulnerability

An attacker can trigger a memory corruption via Table Objects of SQLite, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, SQLite.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 14/01/2019.
Identifiers: 288, CVE-2017-2519, HT207797, HT207798, VIGILANCE-VUL-28255.

Description of the vulnerability

An attacker can trigger a memory corruption via Table Objects of SQLite, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2017-2518

SQLite: use after free via Query Optimizer

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via Query Optimizer of SQLite, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, SQLite.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 14/01/2019.
Identifiers: 199, CVE-2017-2518, HT207797, HT207798, VIGILANCE-VUL-28254.

Description of the vulnerability

An attacker can force the usage of a freed memory area via Query Optimizer of SQLite, in order to trigger a denial of service, and possibly to run code.

computer vulnerability bulletin CVE-2018-4345

WebKitGTK+: information disclosure via Cross-origin Image Data

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cross-origin Image Data of WebKitGTK+, in order to obtain sensitive information.
Impacted products: iOS by Apple, iPhone, Fedora, openSUSE Leap, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 05/11/2018.
Identifiers: CVE-2018-4345, FEDORA-2018-509fc4a5c8, FEDORA-2018-a1f37d2f08, HT209106, openSUSE-SU-2019:0068-1, openSUSE-SU-2019:0081-1, SUSE-SU-2019:0092-1, USN-3828-1, VIGILANCE-VUL-27678.

Description of the vulnerability

An attacker can bypass access restrictions to data via Cross-origin Image Data of WebKitGTK+, in order to obtain sensitive information.

vulnerability announce CVE-2018-4379 CVE-2018-4380

Apple iOS: two vulnerabilities via Screen Lock Bypass

Synthesis of the vulnerability

An attacker can use several vulnerabilities via Screen Lock Bypass of Apple iOS.
Impacted products: iOS by Apple, iPhone.
Severity: 2/4.
Consequences: data reading.
Provenance: physical access.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/10/2018.
Identifiers: CERTFR-2018-AVI-475, CVE-2018-4379, CVE-2018-4380, HT209162, VIGILANCE-VUL-27442.

Description of the vulnerability

An attacker can use several vulnerabilities via Screen Lock Bypass of Apple iOS.

vulnerability note CVE-2018-4246 CVE-2018-4261 CVE-2018-4262

WebKitGTK+: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.
Impacted products: iOS by Apple, iPhone, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 16/08/2018.
Identifiers: bulletinoct2018, CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4271, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, HT208938, openSUSE-SU-2018:2781-1, openSUSE-SU-2018:3473-1, openSUSE-SU-2019:0068-1, SUSE-SU-2018:2752-1, SUSE-SU-2018:3387-1, USN-3743-1, VIGILANCE-VUL-27024.

Description of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.

vulnerability alert CVE-2018-4248 CVE-2018-4260 CVE-2018-4274

Apple iOS: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apple iOS.
Impacted products: iOS by Apple, iPhone.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 10/07/2018.
Identifiers: CERTFR-2018-AVI-329, CVE-2018-4248, CVE-2018-4260, CVE-2018-4274, CVE-2018-4275, CVE-2018-4277, CVE-2018-4280, CVE-2018-4282, CVE-2018-4290, CVE-2018-4293, HT208938, VIGILANCE-VUL-26661.

Description of the vulnerability

An attacker can use several vulnerabilities of Apple iOS.