iOS

CVEs (634)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2024-54535	Apple Inc. Iphone Os	Med	0.28	4.3	0.00		Jan 15, 2025	A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An attacker with access to calendar data could also read reminders.
CVE-2024-54550	Apple Inc. macOS	Med	0.26	4.0	0.00		Jan 27, 2025	This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs.
CVE-2025-24145	Apple Inc. macOS	Low	0.21	3.3	0.00		Jan 27, 2025	A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. An app may be able to view a contact's phone number in system logs.
CVE-2024-44290	Apple Inc. Iphone Os	Low	0.21	3.3	0.00		Dec 12, 2024	This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, watchOS 11.1. An app may be able to determine a user’s current location.
CVE-2024-44200	Apple Inc. Iphone Os	Low	0.21	3.3	0.00		Dec 12, 2024	This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to read sensitive location information.
CVE-2024-40791	Apple Inc. macOS	Low	0.21	3.3	0.00		Sep 17, 2024	A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access information about a user's contacts.
CVE-2024-40778	Apple Inc. macOS	Low	0.21	3.3	0.00		Jul 29, 2024	An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Photos in the Hidden Photos Album may be viewed without authentication.
CVE-2021-30860	Apple Inc. macOS		0.18	—	0.71	KEV	Aug 24, 2021	An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2024-54485	Apple Inc. Iphone Os	Low	0.16	2.4	0.00		Dec 12, 2024	The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.
CVE-2024-40822	Apple Inc. macOS	Low	0.16	2.4	0.00		Jul 29, 2024	This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. An attacker with physical access to a device may be able to access contacts from the lock screen.
CVE-2020-3837	Apple Inc. macOS		0.16	—	0.06	KEV	Feb 27, 2020	A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.
CVE-2019-8605	Apple Inc. macOS		0.16	—	0.14	KEV	Dec 18, 2019	A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.
CVE-2019-8506	Apple Inc. Safari		0.16	—	0.08	KEV	Dec 18, 2019	A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2024-44123	Apple Inc. macOS	Low	0.15	2.3	0.00		Oct 28, 2024	A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. A malicious app with root privileges may be able to access keyboard input and location information without user consent.
CVE-2020-9934	Apple Inc. macOS		0.15	—	0.02	KEV	Oct 16, 2020	An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.
CVE-2019-7286	Apple Inc. macOS		0.15	—	0.02	KEV	Dec 18, 2019	A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.
CVE-2022-32917	Apple Inc. macOS		0.12	—	0.01	KEV	Sep 20, 2022	The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
CVE-2021-30666	Apple Inc. iOS		0.12	—	0.01	KEV	Sep 8, 2021	A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
CVE-2021-30762	Apple Inc. iOS		0.12	—	0.00	KEV	Sep 8, 2021	A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
CVE-2021-30761	Apple Inc. iOS		0.12	—	0.01	KEV	Sep 8, 2021	A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

CVE-2024-54535MedJan 15, 2025
Apple Inc.
Iphone Os
risk 0.28cvss 4.3epss 0.00
A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An attacker with access to calendar data could also read reminders.
CVE-2024-54550MedJan 27, 2025
Apple Inc.
macOS
risk 0.26cvss 4.0epss 0.00
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs.
CVE-2025-24145LowJan 27, 2025
Apple Inc.
macOS
risk 0.21cvss 3.3epss 0.00
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. An app may be able to view a contact's phone number in system logs.
CVE-2024-44290LowDec 12, 2024
Apple Inc.
Iphone Os
risk 0.21cvss 3.3epss 0.00
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, watchOS 11.1. An app may be able to determine a user’s current location.
CVE-2024-44200LowDec 12, 2024
Apple Inc.
Iphone Os
risk 0.21cvss 3.3epss 0.00
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to read sensitive location information.
CVE-2024-40791LowSep 17, 2024
Apple Inc.
macOS
risk 0.21cvss 3.3epss 0.00
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access information about a user's contacts.
CVE-2024-40778LowJul 29, 2024
Apple Inc.
macOS
risk 0.21cvss 3.3epss 0.00
An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Photos in the Hidden Photos Album may be viewed without authentication.
CVE-2021-30860KEVAug 24, 2021
Apple Inc.
macOS
risk 0.18cvss —epss 0.71
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2024-54485LowDec 12, 2024
Apple Inc.
Iphone Os
risk 0.16cvss 2.4epss 0.00
The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.
CVE-2024-40822LowJul 29, 2024
Apple Inc.
macOS
risk 0.16cvss 2.4epss 0.00
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. An attacker with physical access to a device may be able to access contacts from the lock screen.
CVE-2020-3837KEVFeb 27, 2020
Apple Inc.
macOS
risk 0.16cvss —epss 0.06
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.
CVE-2019-8605KEVDec 18, 2019
Apple Inc.
macOS
risk 0.16cvss —epss 0.14
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.
CVE-2019-8506KEVDec 18, 2019
Apple Inc.
Safari
risk 0.16cvss —epss 0.08
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2024-44123LowOct 28, 2024
Apple Inc.
macOS
risk 0.15cvss 2.3epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. A malicious app with root privileges may be able to access keyboard input and location information without user consent.
CVE-2020-9934KEVOct 16, 2020
Apple Inc.
macOS
risk 0.15cvss —epss 0.02
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.
CVE-2019-7286KEVDec 18, 2019
Apple Inc.
macOS
risk 0.15cvss —epss 0.02
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.
CVE-2022-32917KEVSep 20, 2022
Apple Inc.
macOS
risk 0.12cvss —epss 0.01
The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
CVE-2021-30666KEVSep 8, 2021
Apple Inc.
iOS
risk 0.12cvss —epss 0.01
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
CVE-2021-30762KEVSep 8, 2021
Apple Inc.
iOS
risk 0.12cvss —epss 0.00
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
CVE-2021-30761KEVSep 8, 2021
Apple Inc.
iOS
risk 0.12cvss —epss 0.01
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

Page 7 of 32