VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,452 total · sorted by risk
  • CVE-2024-44260MedOct 28, 2024
    risk 0.29cvss 4.4epss 0.00

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious app with root privileges may be able to modify the contents of system files.

  • CVE-2024-44207MedOct 4, 2024
    risk 0.29cvss 4.3epss 0.09

    This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated.

  • CVE-2024-44130MedSep 17, 2024
    risk 0.29cvss 4.4epss 0.00

    This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15. An app with root privileges may be able to access private information.

  • CVE-2024-40825MedSep 17, 2024
    risk 0.29cvss 4.4epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, visionOS 2. A malicious app with root privileges may be able to modify the contents of system files.

  • CVE-2024-40834MedJul 29, 2024
    risk 0.29cvss 4.4epss 0.00

    This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive Shortcuts app settings.

  • CVE-2024-27883MedJul 29, 2024
    risk 0.29cvss 4.4epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.

  • CVE-2024-27882MedJul 29, 2024
    risk 0.29cvss 4.4epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.

  • CVE-2024-27853MedJul 29, 2024
    risk 0.29cvss 4.4epss 0.00

    This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. A maliciously crafted ZIP archive may bypass Gatekeeper checks.

  • CVE-2023-42952MedFeb 21, 2024
    risk 0.29cvss 4.4epss 0.00

    The issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. An app with root privileges may be able to access private information.

  • CVE-2023-40425MedOct 25, 2023
    risk 0.29cvss 4.4epss 0.00

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14, macOS Monterey 12.7.1. An app with root privileges may be able to access private information.

  • CVE-2023-41981MedSep 27, 2023
    risk 0.29cvss 4.4epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory…

  • CVE-2022-32782MedSep 23, 2022
    risk 0.29cvss 4.4epss 0.00

    This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4. An app with root privileges may be able to access private information.

  • CVE-2022-32781MedSep 23, 2022
    risk 0.29cvss 4.4epss 0.00

    This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information.

  • CVE-2022-26688MedMay 26, 2022
    risk 0.29cvss 4.4epss 0.00

    An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files.

  • CVE-2021-1824MedSep 8, 2021
    risk 0.29cvss 4.4epss 0.00

    This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application with root privileges may be able to access private information.

  • CVE-2021-1780MedApr 2, 2021
    risk 0.29cvss 4.4epss 0.00

    A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker in a privileged position may be able to perform a denial of service attack.

  • CVE-2020-9978MedApr 2, 2021
    risk 0.29cvss 4.5epss 0.01

    This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network…

  • CVE-2020-3835MedFeb 27, 2020
    risk 0.29cvss 4.4epss 0.00

    A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to access restricted files.

  • CVE-2016-4686MedFeb 20, 2017
    risk 0.29cvss 4.4epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation.

  • CVE-2016-1837MedMay 20, 2016
    risk 0.29cvss 5.5epss 0.04

    Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial…

  • CVE-2016-1836MedMay 20, 2016
    risk 0.29cvss 5.5epss 0.04

    Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

  • CVE-2016-1833MedMay 20, 2016
    risk 0.29cvss 5.5epss 0.03

    The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-1999-0524MedAug 1, 1997
    risk 0.29cvss 4.0epss 0.32

    ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

  • CVE-2026-28917MedMay 11, 2026
    risk 0.28cvss 4.3epss 0.00

    The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected…

  • CVE-2026-28901MedMay 11, 2026
    risk 0.28cvss 4.3epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2026-28861MedMar 25, 2026
    risk 0.28cvss 4.3epss 0.00

    A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins.

  • CVE-2026-20635MedFeb 11, 2026
    risk 0.28cvss 4.3epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected…

  • CVE-2025-46316MedJan 28, 2026
    risk 0.28cvss 4.3epss 0.00

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in Pages 15.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. Processing a maliciously crafted Pages document may result in unexpected termination or disclosure of process memory.

  • CVE-2025-46299MedJan 9, 2026
    risk 0.28cvss 4.3epss 0.00

    A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app.

  • CVE-2025-43536MedDec 17, 2025
    risk 0.28cvss 4.3epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-43374MedNov 21, 2025
    risk 0.28cvss 4.3epss 0.00

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker in physical proximity may be able…

  • CVE-2025-31266MedNov 21, 2025
    risk 0.28cvss 4.3epss 0.00

    A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name. This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window.

  • CVE-2025-43503MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.00

    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Visiting a malicious website may lead to user interface…

  • CVE-2025-43493MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.00

    The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. Visiting a malicious website may lead to address bar spoofing.

  • CVE-2025-43458MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected…

  • CVE-2025-43445MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing a maliciously…

  • CVE-2025-43443MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-43441MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-43438MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected…

  • CVE-2025-43435MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected…

  • CVE-2025-43434MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected…

  • CVE-2025-43432MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-43430MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-43429MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    A buffer overflow was addressed with improved bounds checking. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an…

  • CVE-2025-43427MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-43425MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-43421MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-43392MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.00

    The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A website may exfiltrate image data cross-origin.

  • CVE-2025-43385MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to…

  • CVE-2025-43384MedNov 4, 2025
    risk 0.28cvss 4.3epss 0.01

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to…

Page 93 of 170