tvOS

CVEs (1,838)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-24085	Apple Inc. macOS	Cri	0.81	10.0	0.19	KEV	Jan 27, 2025	A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to…
CVE-2025-31201	Apple Inc. macOS	Cri	0.76	9.8	0.12	KEV	Apr 16, 2025	This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of…
CVE-2025-31200	Apple Inc. macOS	Cri	0.76	9.8	0.21	KEV	Apr 16, 2025	A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code…
CVE-2014-4404	Apple Inc. iOS	Hig	0.70	7.8	0.49	KEV	Sep 18, 2014	Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
CVE-2025-43529	Apple Inc. macOS	Hig	0.69	8.8	0.08	KEV	Dec 17, 2025	A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to…
CVE-2025-31277	Apple Inc. macOS	Hig	0.69	8.8	0.01	KEV	Jul 30, 2025	The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.
CVE-2024-23222	Apple Inc. macOS	Hig	0.69	8.8	0.11	KEV	Jan 23, 2024	A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2.…
CVE-2016-0801	Google Android	Cri	0.69	9.8	0.33		Feb 7, 2016	The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal…
CVE-2017-2523	Apple Inc. tvOS	Cri	0.68	9.8	0.11		May 22, 2017	An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary…
CVE-2017-11120	Broadcom Corporation BCM4355C0 Wi-Fi chips	Cri	0.67	9.8	0.09		Sep 28, 2017	On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204.
CVE-2017-2524	Apple Inc. tvOS	Cri	0.67	9.8	0.07		May 22, 2017	An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "TextInput" component. It allows remote attackers to execute arbitrary…
CVE-2017-2522	Apple Inc. tvOS	Cri	0.67	9.8	0.07		May 22, 2017	An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute…
CVE-2018-4233	Apple Inc. Safari	Hig	0.65	8.8	0.54		Jun 8, 2018	An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue…
CVE-2015-8659	Nghttp2 Nghttp2	Cri	0.65	10.0	0.04		Jan 12, 2016	The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
CVE-2025-43359	Apple Inc. macOS	Cri	0.64	9.8	0.01		Sep 15, 2025	A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A UDP server socket bound to a local interface may become…
CVE-2025-43347	Apple Inc. macOS	Cri	0.64	9.8	0.01		Sep 15, 2025	This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An input validation issue was addressed.
CVE-2025-43343	Apple Inc. macOS	Cri	0.64	9.8	0.01		Sep 15, 2025	The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43342	Apple Inc. macOS	Cri	0.64	9.8	0.01		Sep 15, 2025	A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-31255	Apple Inc. macOS	Cri	0.64	9.8	0.01		Sep 15, 2025	An authorization issue was addressed with improved state management. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, watchOS 26. An app may be able to access sensitive user data.
CVE-2025-43234	Apple Inc. macOS	Cri	0.64	9.8	0.01		Jul 30, 2025	Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted texture may lead to unexpected app termination.

CVE-2025-24085CriKEVJan 27, 2025
Apple Inc.
macOS
risk 0.81cvss 10.0epss 0.19
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to…
CVE-2025-31201CriKEVApr 16, 2025
Apple Inc.
macOS
risk 0.76cvss 9.8epss 0.12
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of…
CVE-2025-31200CriKEVApr 16, 2025
Apple Inc.
macOS
risk 0.76cvss 9.8epss 0.21
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code…
CVE-2014-4404HigKEVSep 18, 2014
Apple Inc.
iOS
risk 0.70cvss 7.8epss 0.49
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
CVE-2025-43529HigKEVDec 17, 2025
Apple Inc.
macOS
risk 0.69cvss 8.8epss 0.08
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to…
CVE-2025-31277HigKEVJul 30, 2025
Apple Inc.
macOS
risk 0.69cvss 8.8epss 0.01
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.
CVE-2024-23222HigKEVJan 23, 2024
Apple Inc.
macOS
risk 0.69cvss 8.8epss 0.11
A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2.…
CVE-2016-0801CriFeb 7, 2016
Google
Android
risk 0.69cvss 9.8epss 0.33
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal…
CVE-2017-2523CriMay 22, 2017
Apple Inc.
tvOS
risk 0.68cvss 9.8epss 0.11
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary…
CVE-2017-11120CriSep 28, 2017
Broadcom Corporation
BCM4355C0 Wi-Fi chips
risk 0.67cvss 9.8epss 0.09
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204.
CVE-2017-2524CriMay 22, 2017
Apple Inc.
tvOS
risk 0.67cvss 9.8epss 0.07
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "TextInput" component. It allows remote attackers to execute arbitrary…
CVE-2017-2522CriMay 22, 2017
Apple Inc.
tvOS
risk 0.67cvss 9.8epss 0.07
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute…
CVE-2018-4233HigJun 8, 2018
Apple Inc.
Safari
risk 0.65cvss 8.8epss 0.54
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue…
CVE-2015-8659CriJan 12, 2016
Nghttp2
Nghttp2
risk 0.65cvss 10.0epss 0.04
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
CVE-2025-43359CriSep 15, 2025
Apple Inc.
macOS
risk 0.64cvss 9.8epss 0.01
A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A UDP server socket bound to a local interface may become…
CVE-2025-43347CriSep 15, 2025
Apple Inc.
macOS
risk 0.64cvss 9.8epss 0.01
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An input validation issue was addressed.
CVE-2025-43343CriSep 15, 2025
Apple Inc.
macOS
risk 0.64cvss 9.8epss 0.01
The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43342CriSep 15, 2025
Apple Inc.
macOS
risk 0.64cvss 9.8epss 0.01
A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-31255CriSep 15, 2025
Apple Inc.
macOS
risk 0.64cvss 9.8epss 0.01
An authorization issue was addressed with improved state management. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, watchOS 26. An app may be able to access sensitive user data.
CVE-2025-43234CriJul 30, 2025
Apple Inc.
macOS
risk 0.64cvss 9.8epss 0.01
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted texture may lead to unexpected app termination.

Page 1 of 92