2023 Apple & iOS Vulnerabilities from CISA

Vulnerabilities and Exploits From CISA
Written by Eric Cisternelli
Sr. Digital Marketing Manager

Use this curated list of 2022 - 2023 CISA Known Exploited Vulnerabilities as a quick, actionable guide to securing Apple products, including macOS, iPadOS, watchOS and iOS known exploited vulnerabilities.

 

Product Vulnerability Name Date Added Short Description Required Action Due Date Detail Link
iOS and iPadOS Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability 2023-10-05 Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. 2023-10-26 CVE-2023-42824
Multiple Products Apple Multiple Products Improper Certificate Validation Vulnerability 2023-09-25 Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. 2023-10-16 CVE-2023-41991
Multiple Products Apple Multiple Products Kernel Privilege Escalation Vulnerability 2023-09-25 Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. 2023-10-16 CVE-2023-41992
Multiple Products Apple Multiple Products WebKit Code Execution Vulnerability 2023-09-25 Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. 2023-10-16 CVE-2023-41993
iOS, iPadOS, and macOS Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability 2023-09-11 Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061. Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. 2023-10-02 CVE-2023-41064
iOS, iPadOS, and watchOS Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability 2023-09-11 Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064. Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. 2023-10-02 CVE-2023-41061
Multiple Products Apple Multiple Products Kernel Unspecified Vulnerability 2023-07-26 Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify sensitive kernel state. Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. 2023-08-16 CVE-2023-38606
Multiple Products Apple Multiple Products WebKit Code Execution Vulnerability 2023-07-13 Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. Apply updates per vendor instructions. 2023-08-03 CVE-2023-37450
Multiple Products Apple Multiple Products Integer Overflow Vulnerability 2023-06-23 Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. Apply updates per vendor instructions. 2023-07-14 CVE-2023-32434
iOS and macOS Apple iOS and iPadOS WebKit Memory Corruption Vulnerability 2023-06-23 Apple iOS and iPadOS WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. Apply updates per vendor instructions. 2023-07-14 CVE-2023-32435
Multiple Products Apple Multiple Products WebKit Type Confusion Vulnerability 2023-06-23 Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. Apply updates per vendor instructions. 2023-07-14 CVE-2023-32439
Multiple Products Apple Multiple Products WebKit Sandbox Escape Vulnerability 2023-05-22 Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. Apply updates per vendor instructions. 2023-06-12 CVE-2023-32409
Multiple Products Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability 2023-05-22 Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information. Apply updates per vendor instructions. 2023-06-12 CVE-2023-28204
Multiple Products Apple Multiple Products WebKit Use-After-Free Vulnerability 2023-05-22 Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution. Apply updates per vendor instructions. 2023-06-12 CVE-2023-32373
macOS Apple macOS Use-After-Free Vulnerability 2023-04-17 Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. Apply updates per vendor instructions. 2023-05-08 CVE-2019-8526
Multiple Products Apple Multiple Products WebKit Use-After-Free Vulnerability 04/10/23 Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. Apply updates per vendor instructions. 05/01/23 CVE-2023-28205
iOS, iPadOS, and macOS Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability 04/10/23 Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. Apply updates per vendor instructions. 05/01/23 CVE-2023-28206
iOS, iPadOS, and macOS Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability 03/30/23 Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges. Apply updates per vendor instructions. 04/20/23 CVE-2021-30900
Multiple Products Apple Multiple Products WebKit Type Confusion Vulnerability 02/14/23 WebKit in Apple iOS, MacOS, Safari and iPadOS contains a type confusion vulnerability that may lead to code execution. Apply updates per vendor instructions. 01/04/23 CVE-2023-23529
iOS Apple iOS Type Confusion Vulnerability 12/14/22 Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution. Apply updates per vendor instructions. 01/04/23 CVE-2022-42856
iOS and iPadOS Apple iOS and iPadOS Out-of-Bounds Write Vulnerability 10/25/22 Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges. Apply updates per vendor instructions. 11/15/22 CVE-2022-42827
iOS, iPadOS, and macOS Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability 9/14/22 Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges. Apply updates per vendor instructions. 10/5/22 CVE-2022-32917
OS, iPadOS, and macOS Apple iOS, iPadOS, and macOS Input Validation Vulnerability 9/8/22 Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information. Apply updates per vendor instructions. 9/29/22 CVE-2021-31010
iOS, macOS, watchOS Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability 8/25/22 In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions. Apply updates per vendor instructions. 9/15/22 CVE-2021-31010
iOS and macOS Apple iOS and macOS Out-of-Bounds Write Vulnerability 8/18/22 Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges. Apply updates per vendor instructions. 9/8/22 CVE-2022-32894
iOS and macOS Apple iOS and macOS Out-of-Bounds Write Vulnerability 8/18/22 Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content. Apply updates per vendor instructions. 9/8/22 CVE-2022-32893
iOS and iPadOS Apple iOS and iPadOS Buffer Overflow Vulnerability 6/27/22 Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges. Apply updates per vendor instructions. 7/18/22 CVE-2021-30983
Multiple Products Apple Multiple Products Memory Corruption Vulnerability 6/27/22 Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. Apply updates per vendor instructions. 7/18/22 CVE-2020-3837
Multiple Products Apple Multiple Products Memory Corruption Vulnerability 6/27/22 Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. Apply updates per vendor instructions. 7/18/22 CVE-2020-9907
Multiple Products Apple Multiple Products Use-After-Free Vulnerability 6/27/22 A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges. Apply updates per vendor instructions. 7/18/22 CVE-2019-8605
Multiple Products Apple Multiple Products Memory Corruption Vulnerability 6/27/22 Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution. Apply updates per vendor instructions. 7/18/22 CVE-2018-4344
iOS Apple iOS Information Disclosure Vulnerability 5/24/22 The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. Apply updates per vendor instructions. 6/14/22 CVE-2016-4655
iOS Apple iOS Memory Corruption Vulnerability 5/24/22 A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service via a crafted application. Apply updates per vendor instructions. 6/14/22 CVE-2016-4656
iOS Apple iOS Webkit Memory Corruption Vulnerability 5/24/22 WebKit in Apple iOS contains a memory corruption vulnerability which allows attackers to execute remote code or cause a denial-of-service via a crafted web site. Apply updates per vendor instructions. 6/14/22 CVE-2016-4657
Multiple Products Apple Multiple Products Memory Corruption Vulnerability 5/23/22 Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution. Apply updates per vendor instructions. 6/13/22 CVE-2021-30883
Multiple Products Apple Multiple Products Memory Corruption Vulnerability 5/23/22 Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation. Apply updates per vendor instructions. 6/13/22 CVE-2019-7286
iOS Apple iOS Memory Corruption Vulnerability 5/23/22 Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution. Apply updates per vendor instructions. 6/13/22 CVE-2019-7287
Multiple Products Apple Multiple Products Type Confusion Vulnerability 5/4/22 A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. Apply updates per vendor instructions. 5/25/22 CVE-2021-1789
Multiple Products Apple Multiple Products Type Confusion Vulnerability 5/4/22 A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. Apply updates per vendor instructions. 5/25/22 CVE-2019-8506
macOS Apple macOS Out-of-Bounds Write Vulnerability 4/4/22 macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. Apply updates per vendor instructions. 4/25/22 CVE-2022-22675
macOS Apple macOS Out-of-Bounds Read Vulnerability 4/4/22 macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. Apply updates per vendor instructions. 4/25/22 CVE-2022-22674
Webkit Apple Webkit Remote Code Execution Vulnerability 2/11/22 Apple Webkit, which impacts iOS, iPadOS, and macOS, contains a vulnerability which allows for remote code execution. Apply updates per vendor instructions. 2/25/22 CVE-2022-22620
OS X Apple OS X Authentication Bypass Vulnerability 2/10/22 The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. Apply updates per vendor instructions. 8/10/22 CVE-2015-1130
OS X Apple OS X Heap-Based Buffer Overflow Vulnerability 2/10/22 Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context. Apply updates per vendor instructions. 8/10/22 CVE-2014-4404
iOS and macOS Apple Memory Corruption Vulnerability 1/28/22 Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges. Apply updates per vendor instructions. 2/11/22 CVE-2022-22587
iOS and iPadOS Apple 11-13.5 XNU Kernel Vulnerability 11/3/21 A memory consumption issue was addressed with improved memory handling. An application may be able to execute arbitrary code with kernel privileges. Apply updates per vendor instructions. 5/3/22 CVE-2020-9859