| iOS and iPadOS |
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability |
2023-10-05 |
Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
2023-10-26 |
CVE-2023-42824 |
| Multiple Products |
Apple Multiple Products Improper Certificate Validation Vulnerability |
2023-09-25 |
Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
2023-10-16 |
CVE-2023-41991 |
| Multiple Products |
Apple Multiple Products Kernel Privilege Escalation Vulnerability |
2023-09-25 |
Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
2023-10-16 |
CVE-2023-41992 |
| Multiple Products |
Apple Multiple Products WebKit Code Execution Vulnerability |
2023-09-25 |
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
2023-10-16 |
CVE-2023-41993 |
| iOS, iPadOS, and macOS |
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability |
2023-09-11 |
Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061. |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
2023-10-02 |
CVE-2023-41064 |
| iOS, iPadOS, and watchOS |
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability |
2023-09-11 |
Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064. |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
2023-10-02 |
CVE-2023-41061 |
| Multiple Products |
Apple Multiple Products Kernel Unspecified Vulnerability |
2023-07-26 |
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify sensitive kernel state. |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
2023-08-16 |
CVE-2023-38606 |
| Multiple Products |
Apple Multiple Products WebKit Code Execution Vulnerability |
2023-07-13 |
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. |
Apply updates per vendor instructions. |
2023-08-03 |
CVE-2023-37450 |
| Multiple Products |
Apple Multiple Products Integer Overflow Vulnerability |
2023-06-23 |
Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. |
Apply updates per vendor instructions. |
2023-07-14 |
CVE-2023-32434 |
| iOS and macOS |
Apple iOS and iPadOS WebKit Memory Corruption Vulnerability |
2023-06-23 |
Apple iOS and iPadOS WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. |
Apply updates per vendor instructions. |
2023-07-14 |
CVE-2023-32435 |
| Multiple Products |
Apple Multiple Products WebKit Type Confusion Vulnerability |
2023-06-23 |
Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. |
Apply updates per vendor instructions. |
2023-07-14 |
CVE-2023-32439 |
| Multiple Products |
Apple Multiple Products WebKit Sandbox Escape Vulnerability |
2023-05-22 |
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. |
Apply updates per vendor instructions. |
2023-06-12 |
CVE-2023-32409 |
| Multiple Products |
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability |
2023-05-22 |
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information. |
Apply updates per vendor instructions. |
2023-06-12 |
CVE-2023-28204 |
| Multiple Products |
Apple Multiple Products WebKit Use-After-Free Vulnerability |
2023-05-22 |
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution. |
Apply updates per vendor instructions. |
2023-06-12 |
CVE-2023-32373 |
| macOS |
Apple macOS Use-After-Free Vulnerability |
2023-04-17 |
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. |
Apply updates per vendor instructions. |
2023-05-08 |
CVE-2019-8526 |
| Multiple Products |
Apple Multiple Products WebKit Use-After-Free Vulnerability |
04/10/23 |
Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. |
Apply updates per vendor instructions. |
05/01/23 |
CVE-2023-28205 |
| iOS, iPadOS, and macOS |
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability |
04/10/23 |
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. |
Apply updates per vendor instructions. |
05/01/23 |
CVE-2023-28206 |
| iOS, iPadOS, and macOS |
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability |
03/30/23 |
Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges. |
Apply updates per vendor instructions. |
04/20/23 |
CVE-2021-30900 |
| Multiple Products |
Apple Multiple Products WebKit Type Confusion Vulnerability |
02/14/23 |
WebKit in Apple iOS, MacOS, Safari and iPadOS contains a type confusion vulnerability that may lead to code execution. |
Apply updates per vendor instructions. |
01/04/23 |
CVE-2023-23529 |
| iOS |
Apple iOS Type Confusion Vulnerability |
12/14/22 |
Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution. |
Apply updates per vendor instructions. |
01/04/23 |
CVE-2022-42856 |
| iOS and iPadOS |
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability |
10/25/22 |
Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges. |
Apply updates per vendor instructions. |
11/15/22 |
CVE-2022-42827 |
| iOS, iPadOS, and macOS |
Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability |
9/14/22 |
Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges. |
Apply updates per vendor instructions. |
10/5/22 |
CVE-2022-32917 |
| OS, iPadOS, and macOS |
Apple iOS, iPadOS, and macOS Input Validation Vulnerability |
9/8/22 |
Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information. |
Apply updates per vendor instructions. |
9/29/22 |
CVE-2021-31010 |
| iOS, macOS, watchOS |
Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability |
8/25/22 |
In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions. |
Apply updates per vendor instructions. |
9/15/22 |
CVE-2021-31010 |
| iOS and macOS |
Apple iOS and macOS Out-of-Bounds Write Vulnerability |
8/18/22 |
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges. |
Apply updates per vendor instructions. |
9/8/22 |
CVE-2022-32894 |
| iOS and macOS |
Apple iOS and macOS Out-of-Bounds Write Vulnerability |
8/18/22 |
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content. |
Apply updates per vendor instructions. |
9/8/22 |
CVE-2022-32893 |
| iOS and iPadOS |
Apple iOS and iPadOS Buffer Overflow Vulnerability |
6/27/22 |
Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges. |
Apply updates per vendor instructions. |
7/18/22 |
CVE-2021-30983 |
| Multiple Products |
Apple Multiple Products Memory Corruption Vulnerability |
6/27/22 |
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. |
Apply updates per vendor instructions. |
7/18/22 |
CVE-2020-3837 |
| Multiple Products |
Apple Multiple Products Memory Corruption Vulnerability |
6/27/22 |
Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. |
Apply updates per vendor instructions. |
7/18/22 |
CVE-2020-9907 |
| Multiple Products |
Apple Multiple Products Use-After-Free Vulnerability |
6/27/22 |
A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges. |
Apply updates per vendor instructions. |
7/18/22 |
CVE-2019-8605 |
| Multiple Products |
Apple Multiple Products Memory Corruption Vulnerability |
6/27/22 |
Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution. |
Apply updates per vendor instructions. |
7/18/22 |
CVE-2018-4344 |
| iOS |
Apple iOS Information Disclosure Vulnerability |
5/24/22 |
The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. |
Apply updates per vendor instructions. |
6/14/22 |
CVE-2016-4655 |
| iOS |
Apple iOS Memory Corruption Vulnerability |
5/24/22 |
A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service via a crafted application. |
Apply updates per vendor instructions. |
6/14/22 |
CVE-2016-4656 |
| iOS |
Apple iOS Webkit Memory Corruption Vulnerability |
5/24/22 |
WebKit in Apple iOS contains a memory corruption vulnerability which allows attackers to execute remote code or cause a denial-of-service via a crafted web site. |
Apply updates per vendor instructions. |
6/14/22 |
CVE-2016-4657 |
| Multiple Products |
Apple Multiple Products Memory Corruption Vulnerability |
5/23/22 |
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution. |
Apply updates per vendor instructions. |
6/13/22 |
CVE-2021-30883 |
| Multiple Products |
Apple Multiple Products Memory Corruption Vulnerability |
5/23/22 |
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation. |
Apply updates per vendor instructions. |
6/13/22 |
CVE-2019-7286 |
| iOS |
Apple iOS Memory Corruption Vulnerability |
5/23/22 |
Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution. |
Apply updates per vendor instructions. |
6/13/22 |
CVE-2019-7287 |
| Multiple Products |
Apple Multiple Products Type Confusion Vulnerability |
5/4/22 |
A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. |
Apply updates per vendor instructions. |
5/25/22 |
CVE-2021-1789 |
| Multiple Products |
Apple Multiple Products Type Confusion Vulnerability |
5/4/22 |
A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. |
Apply updates per vendor instructions. |
5/25/22 |
CVE-2019-8506 |
| macOS |
Apple macOS Out-of-Bounds Write Vulnerability |
4/4/22 |
macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. |
Apply updates per vendor instructions. |
4/25/22 |
CVE-2022-22675 |
| macOS |
Apple macOS Out-of-Bounds Read Vulnerability |
4/4/22 |
macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. |
Apply updates per vendor instructions. |
4/25/22 |
CVE-2022-22674 |
| Webkit |
Apple Webkit Remote Code Execution Vulnerability |
2/11/22 |
Apple Webkit, which impacts iOS, iPadOS, and macOS, contains a vulnerability which allows for remote code execution. |
Apply updates per vendor instructions. |
2/25/22 |
CVE-2022-22620 |
| OS X |
Apple OS X Authentication Bypass Vulnerability |
2/10/22 |
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. |
Apply updates per vendor instructions. |
8/10/22 |
CVE-2015-1130 |
| OS X |
Apple OS X Heap-Based Buffer Overflow Vulnerability |
2/10/22 |
Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context. |
Apply updates per vendor instructions. |
8/10/22 |
CVE-2014-4404 |
| iOS and macOS |
Apple Memory Corruption Vulnerability |
1/28/22 |
Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges. |
Apply updates per vendor instructions. |
2/11/22 |
CVE-2022-22587 |
| iOS and iPadOS |
Apple 11-13.5 XNU Kernel Vulnerability |
11/3/21 |
A memory consumption issue was addressed with improved memory handling. An application may be able to execute arbitrary code with kernel privileges. |
Apply updates per vendor instructions. |
5/3/22 |
CVE-2020-9859 |
