The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.
Max CVSS
5.9
EPSS Score
0.14%
Published
2011-06-24
Updated
2024-02-09
Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream.
Max CVSS
5.9
EPSS Score
0.06%
Published
2016-03-14
Updated
2016-12-03
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
Max CVSS
5.9
EPSS Score
0.45%
Published
2016-03-24
Updated
2016-12-03
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.
Max CVSS
5.9
EPSS Score
0.18%
Published
2019-01-11
Updated
2019-01-17
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files.
Max CVSS
5.9
EPSS Score
0.12%
Published
2017-02-20
Updated
2017-02-21
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle attackers to spoof calls via a "switch caller" notification.
Max CVSS
5.9
EPSS Score
0.10%
Published
2017-02-20
Updated
2017-02-21
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.
Max CVSS
5.9
EPSS Score
0.23%
Published
2016-09-18
Updated
2017-08-13
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information.
Max CVSS
5.9
EPSS Score
0.21%
Published
2017-02-20
Updated
2019-03-25
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows man-in-the-middle attackers to cause a denial of service (application crash) via vectors related to OCSP responder URLs.
Max CVSS
5.9
EPSS Score
0.69%
Published
2017-02-20
Updated
2018-10-30
In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates.
Max CVSS
5.9
EPSS Score
0.17%
Published
2019-01-11
Updated
2019-01-17
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP.
Max CVSS
5.9
EPSS Score
0.10%
Published
2017-04-02
Updated
2019-10-03
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets.
Max CVSS
5.9
EPSS Score
0.18%
Published
2017-04-02
Updated
2019-03-08
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes.
Max CVSS
5.9
EPSS Score
0.18%
Published
2017-05-22
Updated
2017-07-08
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the "App Store" component. It allows man-in-the-middle attackers to spoof password prompts.
Max CVSS
5.9
EPSS Score
0.07%
Published
2018-04-03
Updated
2019-03-08
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption.
Max CVSS
5.9
EPSS Score
0.30%
Published
2017-12-25
Updated
2019-10-03
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "APNs" component. It allows man-in-the-middle attackers to track users by leveraging the transmission of client certificates.
Max CVSS
5.9
EPSS Score
0.09%
Published
2018-04-03
Updated
2018-05-04
An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.
Max CVSS
5.9
EPSS Score
0.14%
Published
2017-12-25
Updated
2017-12-28
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification.
Max CVSS
5.9
EPSS Score
0.84%
Published
2018-05-16
Updated
2024-03-21
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Max CVSS
5.9
EPSS Score
0.55%
Published
2018-05-16
Updated
2019-10-03
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Security" component. It allows remote attackers to spoof certificate validation via crafted name constraints.
Max CVSS
5.9
EPSS Score
0.91%
Published
2018-04-03
Updated
2018-05-04
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature.
Max CVSS
5.9
EPSS Score
0.15%
Published
2018-04-03
Updated
2020-08-24
An injection issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.
Max CVSS
5.9
EPSS Score
0.08%
Published
2019-04-03
Updated
2019-04-04
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.
Max CVSS
5.9
EPSS Score
0.22%
Published
2018-04-03
Updated
2019-10-03
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to spoof a password prompt.
Max CVSS
5.9
EPSS Score
0.16%
Published
2018-06-08
Updated
2019-10-03
A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
Max CVSS
5.9
EPSS Score
0.69%
Published
2019-04-03
Updated
2019-04-04
1216 vulnerabilities found