Safari
by Apple Inc.
CVEs (1,615)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-24201 | Cri | 0.77 | 10.0 | 0.04 | KEV | Mar 11, 2025 | An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2,… | |
| CVE-2010-1205 | Cri | 0.70 | 9.8 | 0.43 | Jun 30, 2010 | Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | ||
| CVE-2025-43529 | Hig | 0.69 | 8.8 | 0.08 | KEV | Dec 17, 2025 | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to… | |
| CVE-2025-31277 | Hig | 0.69 | 8.8 | 0.01 | KEV | Jul 30, 2025 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption. | |
| CVE-2024-44308 | Hig | 0.69 | 8.8 | 0.09 | KEV | Nov 20, 2024 | The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware… | |
| CVE-2024-23222 | Hig | 0.69 | 8.8 | 0.11 | KEV | Jan 23, 2024 | A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2.… | |
| CVE-2018-4233 | Hig | 0.65 | 8.8 | 0.54 | Jun 8, 2018 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue… | ||
| CVE-2025-43526 | Cri | 0.64 | 9.8 | 0.01 | Dec 17, 2025 | This issue was addressed with improved URL validation. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted. | ||
| CVE-2025-43343 | Cri | 0.64 | 9.8 | 0.01 | Sep 15, 2025 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash. | ||
| CVE-2025-43342 | Cri | 0.64 | 9.8 | 0.01 | Sep 15, 2025 | A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash. | ||
| CVE-2025-43209 | Cri | 0.64 | 9.8 | 0.01 | Jul 30, 2025 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web… | ||
| CVE-2025-30466 | Cri | 0.64 | 9.8 | 0.00 | May 29, 2025 | This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. A website may be able to bypass Same Origin Policy. | ||
| CVE-2025-24264 | Cri | 0.64 | 9.8 | 0.01 | Mar 31, 2025 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. | ||
| CVE-2025-24167 | Cri | 0.64 | 9.8 | 0.01 | Mar 31, 2025 | This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, watchOS 11.4. A download's origin may be incorrectly associated. | ||
| CVE-2024-54534 | Cri | 0.64 | 9.8 | 0.01 | Dec 12, 2024 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption. | ||
| CVE-2017-17821 | Cri | 0.64 | 9.8 | 0.01 | Dec 21, 2017 | WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in… | ||
| CVE-2017-5949 | Cri | 0.64 | 9.8 | 0.02 | Apr 3, 2017 | JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers… | ||
| CVE-2018-4162 | Hig | 0.63 | 8.8 | 0.39 | Apr 3, 2018 | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves… | ||
| CVE-2016-4734 | Cri | 0.63 | 9.6 | 0.03 | Sep 25, 2016 | WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and… | ||
| CVE-2018-4222 | Hig | 0.61 | 8.8 | 0.11 | Jun 8, 2018 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue… |
- risk 0.77cvss 10.0epss 0.04
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2,…
- risk 0.70cvss 9.8epss 0.43
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
- risk 0.69cvss 8.8epss 0.08
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to…
- risk 0.69cvss 8.8epss 0.01
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.
- risk 0.69cvss 8.8epss 0.09
The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware…
- risk 0.69cvss 8.8epss 0.11
A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2.…
- risk 0.65cvss 8.8epss 0.54
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue…
- risk 0.64cvss 9.8epss 0.01
This issue was addressed with improved URL validation. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted.
- risk 0.64cvss 9.8epss 0.01
The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
- risk 0.64cvss 9.8epss 0.01
A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
- risk 0.64cvss 9.8epss 0.01
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web…
- risk 0.64cvss 9.8epss 0.00
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. A website may be able to bypass Same Origin Policy.
- risk 0.64cvss 9.8epss 0.01
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
- risk 0.64cvss 9.8epss 0.01
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, watchOS 11.4. A download's origin may be incorrectly associated.
- risk 0.64cvss 9.8epss 0.01
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.
- risk 0.64cvss 9.8epss 0.01
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in…
- risk 0.64cvss 9.8epss 0.02
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers…
- risk 0.63cvss 8.8epss 0.39
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves…
- risk 0.63cvss 9.6epss 0.03
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and…
- risk 0.61cvss 8.8epss 0.11
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue…
Page 1 of 81