Ipados
by Apple Inc.
CVEs (1,383)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-30998 | Med | 0.34 | 5.3 | 0.01 | Aug 24, 2021 | A S/MIME issue existed in the handling of encrypted email. This issue was addressed with improved selection of the encryption certificate. This issue is fixed in iOS 15.2 and iPadOS 15.2. A sender's email address may be leaked when sending an S/MIME encrypted email using a… | ||
| CVE-2025-24203 | Med | 0.33 | 5.0 | 0.01 | Mar 31, 2025 | The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system. | ||
| CVE-2025-24097 | Med | 0.33 | 5.0 | 0.00 | Mar 31, 2025 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to read arbitrary file metadata. | ||
| CVE-2024-54510 | Med | 0.33 | 5.1 | 0.00 | Dec 12, 2024 | A race condition was addressed with improved locking. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to leak sensitive kernel state. | ||
| CVE-2021-1865 | Med | 0.33 | 5.0 | 0.00 | Sep 8, 2021 | An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen. | ||
| CVE-2026-28967 | Med | 0.32 | 4.9 | 0.00 | May 11, 2026 | A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4. An attacker in a privileged network position may be able to cause a denial-of-service. | ||
| CVE-2026-43659 | Med | 0.31 | 4.7 | 0.00 | May 11, 2026 | A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data. | ||
| CVE-2025-43280 | Med | 0.31 | 4.7 | 0.00 | Oct 15, 2025 | The issue was resolved by not loading remote images. This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode. | ||
| CVE-2025-31257 | Med | 0.31 | 4.7 | 0.01 | May 12, 2025 | This issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. | ||
| CVE-2024-27821 | Med | 0.31 | 4.7 | 0.01 | May 14, 2024 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. A shortcut may output sensitive user data without consent. | ||
| CVE-2024-23239 | Med | 0.31 | 4.7 | 0.00 | Mar 8, 2024 | A race condition was addressed with improved state handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to leak sensitive user information. | ||
| CVE-2024-23235 | Med | 0.31 | 4.7 | 0.01 | Mar 8, 2024 | A race condition was addressed with additional validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to access user-sensitive data. | ||
| CVE-2023-42941 | Med | 0.31 | 4.8 | 0.00 | Jan 10, 2024 | The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets. | ||
| CVE-2022-32919 | Med | 0.31 | 4.7 | 0.01 | Jan 10, 2024 | The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing. | ||
| CVE-2022-26765 | Med | 0.31 | 4.7 | 0.00 | May 26, 2022 | A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. | ||
| CVE-2022-26764 | Med | 0.31 | 4.7 | 0.01 | May 26, 2022 | A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | ||
| CVE-2021-30884 | Med | 0.31 | 4.7 | 0.01 | Aug 24, 2021 | The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing history. | ||
| CVE-2026-20661 | Med | 0.30 | 4.6 | 0.00 | Feb 11, 2026 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information. | ||
| CVE-2026-20645 | Med | 0.30 | 4.6 | 0.00 | Feb 11, 2026 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information. | ||
| CVE-2026-20605 | Med | 0.30 | 4.6 | 0.00 | Feb 11, 2026 | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to crash a system process. |
- risk 0.34cvss 5.3epss 0.01
A S/MIME issue existed in the handling of encrypted email. This issue was addressed with improved selection of the encryption certificate. This issue is fixed in iOS 15.2 and iPadOS 15.2. A sender's email address may be leaked when sending an S/MIME encrypted email using a…
- risk 0.33cvss 5.0epss 0.01
The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system.
- risk 0.33cvss 5.0epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to read arbitrary file metadata.
- risk 0.33cvss 5.1epss 0.00
A race condition was addressed with improved locking. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to leak sensitive kernel state.
- risk 0.33cvss 5.0epss 0.00
An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen.
- risk 0.32cvss 4.9epss 0.00
A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4. An attacker in a privileged network position may be able to cause a denial-of-service.
- risk 0.31cvss 4.7epss 0.00
A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data.
- risk 0.31cvss 4.7epss 0.00
The issue was resolved by not loading remote images. This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode.
- risk 0.31cvss 4.7epss 0.01
This issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
- risk 0.31cvss 4.7epss 0.01
A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. A shortcut may output sensitive user data without consent.
- risk 0.31cvss 4.7epss 0.00
A race condition was addressed with improved state handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to leak sensitive user information.
- risk 0.31cvss 4.7epss 0.01
A race condition was addressed with additional validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to access user-sensitive data.
- risk 0.31cvss 4.8epss 0.00
The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets.
- risk 0.31cvss 4.7epss 0.01
The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing.
- risk 0.31cvss 4.7epss 0.00
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
- risk 0.31cvss 4.7epss 0.01
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
- risk 0.31cvss 4.7epss 0.01
The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing history.
- risk 0.30cvss 4.6epss 0.00
An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.
- risk 0.30cvss 4.6epss 0.00
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.
- risk 0.30cvss 4.6epss 0.00
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to crash a system process.
Page 55 of 70