iOS and iPadOS
by Apple Inc.
CVEs (919)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-44139 | 0.00 | — | 0.00 | Sep 16, 2024 | The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen. | |||
| CVE-2024-27879 | 0.00 | — | 0.01 | Sep 16, 2024 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination. | |||
| CVE-2024-40840 | 0.00 | — | 0.00 | Sep 16, 2024 | This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to use Siri to access sensitive user data. | |||
| CVE-2024-27874 | 0.00 | — | 0.01 | Sep 16, 2024 | This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service. | |||
| CVE-2024-44171 | 0.00 | — | 0.00 | Sep 16, 2024 | This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, watchOS 11. An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features. | |||
| CVE-2024-44147 | 0.00 | — | 0.00 | Sep 16, 2024 | This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network. | |||
| CVE-2024-27869 | 0.00 | — | 0.01 | Sep 16, 2024 | The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator. | |||
| CVE-2024-40826 | 0.00 | — | 0.00 | Sep 16, 2024 | A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview. | |||
| CVE-2024-44131 | 0.00 | — | 0.01 | Sep 16, 2024 | This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data. | |||
| CVE-2024-44127 | 0.00 | — | 0.01 | Sep 16, 2024 | This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication. | |||
| CVE-2024-40830 | 0.00 | — | 0.00 | Sep 16, 2024 | This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to enumerate a user's installed apps. | |||
| CVE-2023-40398 | 0.00 | — | 0.00 | Jul 29, 2024 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.4, macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A sandboxed process may be able to circumvent sandbox restrictions. | |||
| CVE-2023-42957 | 0.00 | — | 0.00 | Jul 29, 2024 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10. An app may be able to read sensitive location information. | |||
| CVE-2023-42925 | 0.00 | — | 0.00 | Jul 29, 2024 | The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access Notes attachments. | |||
| CVE-2023-42949 | 0.00 | — | 0.00 | Jul 29, 2024 | This issue was addressed with improved data protection. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to access edited photos saved to a temporary directory. | |||
| CVE-2023-40396 | 0.00 | — | 0.00 | Jul 29, 2024 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to execute arbitrary code with kernel privileges. | |||
| CVE-2023-42956 | 0.00 | — | 0.01 | Mar 28, 2024 | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. | |||
| CVE-2023-42936 | 0.00 | — | 0.00 | Mar 28, 2024 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data. | |||
| CVE-2023-42950 | 0.00 | — | 0.01 | Mar 28, 2024 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. | |||
| CVE-2023-42947 | 0.00 | — | 0.00 | Mar 28, 2024 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox. |
- CVE-2024-44139Sep 16, 2024risk 0.00cvss —epss 0.00
The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.
- CVE-2024-27879Sep 16, 2024risk 0.00cvss —epss 0.01
The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination.
- CVE-2024-40840Sep 16, 2024risk 0.00cvss —epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to use Siri to access sensitive user data.
- CVE-2024-27874Sep 16, 2024risk 0.00cvss —epss 0.01
This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service.
- CVE-2024-44171Sep 16, 2024risk 0.00cvss —epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, watchOS 11. An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features.
- CVE-2024-44147Sep 16, 2024risk 0.00cvss —epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network.
- CVE-2024-27869Sep 16, 2024risk 0.00cvss —epss 0.01
The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator.
- CVE-2024-40826Sep 16, 2024risk 0.00cvss —epss 0.00
A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview.
- CVE-2024-44131Sep 16, 2024risk 0.00cvss —epss 0.01
This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data.
- CVE-2024-44127Sep 16, 2024risk 0.00cvss —epss 0.01
This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.
- CVE-2024-40830Sep 16, 2024risk 0.00cvss —epss 0.00
This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to enumerate a user's installed apps.
- CVE-2023-40398Jul 29, 2024risk 0.00cvss —epss 0.00
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.4, macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A sandboxed process may be able to circumvent sandbox restrictions.
- CVE-2023-42957Jul 29, 2024risk 0.00cvss —epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10. An app may be able to read sensitive location information.
- CVE-2023-42925Jul 29, 2024risk 0.00cvss —epss 0.00
The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access Notes attachments.
- CVE-2023-42949Jul 29, 2024risk 0.00cvss —epss 0.00
This issue was addressed with improved data protection. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to access edited photos saved to a temporary directory.
- CVE-2023-40396Jul 29, 2024risk 0.00cvss —epss 0.00
The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to execute arbitrary code with kernel privileges.
- CVE-2023-42956Mar 28, 2024risk 0.00cvss —epss 0.01
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service.
- CVE-2023-42936Mar 28, 2024risk 0.00cvss —epss 0.00
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data.
- CVE-2023-42950Mar 28, 2024risk 0.00cvss —epss 0.01
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2023-42947Mar 28, 2024risk 0.00cvss —epss 0.00
A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox.
Page 10 of 46