2023 Apple & iOS Vulnerabilities from CISA
Tags:
Use this curated list of 2022 - 2023 CISA Known Exploited Vulnerabilities as a quick, actionable guide to securing Apple products, including macOS, iPadOS, watchOS and iOS known exploited vulnerabilities.
Product | Vulnerability Name | Date Added | Short Description | Required Action | Due Date | Detail Link |
iOS and iPadOS | Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability | 2023-10-05 | Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | 2023-10-26 | CVE-2023-42824 |
Multiple Products | Apple Multiple Products Improper Certificate Validation Vulnerability | 2023-09-25 | Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | 2023-10-16 | CVE-2023-41991 |
Multiple Products | Apple Multiple Products Kernel Privilege Escalation Vulnerability | 2023-09-25 | Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | 2023-10-16 | CVE-2023-41992 |
Multiple Products | Apple Multiple Products WebKit Code Execution Vulnerability | 2023-09-25 | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | 2023-10-16 | CVE-2023-41993 |
iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability | 2023-09-11 | Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061. | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | 2023-10-02 | CVE-2023-41064 |
iOS, iPadOS, and watchOS | Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability | 2023-09-11 | Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064. | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | 2023-10-02 | CVE-2023-41061 |
Multiple Products | Apple Multiple Products Kernel Unspecified Vulnerability | 2023-07-26 | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify sensitive kernel state. | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | 2023-08-16 | CVE-2023-38606 |
Multiple Products | Apple Multiple Products WebKit Code Execution Vulnerability | 2023-07-13 | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. | Apply updates per vendor instructions. | 2023-08-03 | CVE-2023-37450 |
Multiple Products | Apple Multiple Products Integer Overflow Vulnerability | 2023-06-23 | Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. | Apply updates per vendor instructions. | 2023-07-14 | CVE-2023-32434 |
iOS and macOS | Apple iOS and iPadOS WebKit Memory Corruption Vulnerability | 2023-06-23 | Apple iOS and iPadOS WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. | Apply updates per vendor instructions. | 2023-07-14 | CVE-2023-32435 |
Multiple Products | Apple Multiple Products WebKit Type Confusion Vulnerability | 2023-06-23 | Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. | Apply updates per vendor instructions. | 2023-07-14 | CVE-2023-32439 |
Multiple Products | Apple Multiple Products WebKit Sandbox Escape Vulnerability | 2023-05-22 | Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. | Apply updates per vendor instructions. | 2023-06-12 | CVE-2023-32409 |
Multiple Products | Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability | 2023-05-22 | Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information. | Apply updates per vendor instructions. | 2023-06-12 | CVE-2023-28204 |
Multiple Products | Apple Multiple Products WebKit Use-After-Free Vulnerability | 2023-05-22 | Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution. | Apply updates per vendor instructions. | 2023-06-12 | CVE-2023-32373 |
macOS | Apple macOS Use-After-Free Vulnerability | 2023-04-17 | Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. | Apply updates per vendor instructions. | 2023-05-08 | CVE-2019-8526 |
Multiple Products | Apple Multiple Products WebKit Use-After-Free Vulnerability | 04/10/23 | Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. | Apply updates per vendor instructions. | 05/01/23 | CVE-2023-28205 |
iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability | 04/10/23 | Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. | Apply updates per vendor instructions. | 05/01/23 | CVE-2023-28206 |
iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability | 03/30/23 | Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges. | Apply updates per vendor instructions. | 04/20/23 | CVE-2021-30900 |
Multiple Products | Apple Multiple Products WebKit Type Confusion Vulnerability | 02/14/23 | WebKit in Apple iOS, MacOS, Safari and iPadOS contains a type confusion vulnerability that may lead to code execution. | Apply updates per vendor instructions. | 01/04/23 | CVE-2023-23529 |
iOS | Apple iOS Type Confusion Vulnerability | 12/14/22 | Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution. | Apply updates per vendor instructions. | 01/04/23 | CVE-2022-42856 |
iOS and iPadOS | Apple iOS and iPadOS Out-of-Bounds Write Vulnerability | 10/25/22 | Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges. | Apply updates per vendor instructions. | 11/15/22 | CVE-2022-42827 |
iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability | 9/14/22 | Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges. | Apply updates per vendor instructions. | 10/5/22 | CVE-2022-32917 |
OS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS Input Validation Vulnerability | 9/8/22 | Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information. | Apply updates per vendor instructions. | 9/29/22 | CVE-2021-31010 |
iOS, macOS, watchOS | Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability | 8/25/22 | In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions. | Apply updates per vendor instructions. | 9/15/22 | CVE-2021-31010 |
iOS and macOS | Apple iOS and macOS Out-of-Bounds Write Vulnerability | 8/18/22 | Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges. | Apply updates per vendor instructions. | 9/8/22 | CVE-2022-32894 |
iOS and macOS | Apple iOS and macOS Out-of-Bounds Write Vulnerability | 8/18/22 | Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content. | Apply updates per vendor instructions. | 9/8/22 | CVE-2022-32893 |
iOS and iPadOS | Apple iOS and iPadOS Buffer Overflow Vulnerability | 6/27/22 | Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges. | Apply updates per vendor instructions. | 7/18/22 | CVE-2021-30983 |
Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | 6/27/22 | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. | Apply updates per vendor instructions. | 7/18/22 | CVE-2020-3837 |
Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | 6/27/22 | Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. | Apply updates per vendor instructions. | 7/18/22 | CVE-2020-9907 |
Multiple Products | Apple Multiple Products Use-After-Free Vulnerability | 6/27/22 | A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges. | Apply updates per vendor instructions. | 7/18/22 | CVE-2019-8605 |
Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | 6/27/22 | Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution. | Apply updates per vendor instructions. | 7/18/22 | CVE-2018-4344 |
iOS | Apple iOS Information Disclosure Vulnerability | 5/24/22 | The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. | Apply updates per vendor instructions. | 6/14/22 | CVE-2016-4655 |
iOS | Apple iOS Memory Corruption Vulnerability | 5/24/22 | A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service via a crafted application. | Apply updates per vendor instructions. | 6/14/22 | CVE-2016-4656 |
iOS | Apple iOS Webkit Memory Corruption Vulnerability | 5/24/22 | WebKit in Apple iOS contains a memory corruption vulnerability which allows attackers to execute remote code or cause a denial-of-service via a crafted web site. | Apply updates per vendor instructions. | 6/14/22 | CVE-2016-4657 |
Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | 5/23/22 | Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution. | Apply updates per vendor instructions. | 6/13/22 | CVE-2021-30883 |
Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | 5/23/22 | Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation. | Apply updates per vendor instructions. | 6/13/22 | CVE-2019-7286 |
iOS | Apple iOS Memory Corruption Vulnerability | 5/23/22 | Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution. | Apply updates per vendor instructions. | 6/13/22 | CVE-2019-7287 |
Multiple Products | Apple Multiple Products Type Confusion Vulnerability | 5/4/22 | A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. | Apply updates per vendor instructions. | 5/25/22 | CVE-2021-1789 |
Multiple Products | Apple Multiple Products Type Confusion Vulnerability | 5/4/22 | A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. | Apply updates per vendor instructions. | 5/25/22 | CVE-2019-8506 |
macOS | Apple macOS Out-of-Bounds Write Vulnerability | 4/4/22 | macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. | Apply updates per vendor instructions. | 4/25/22 | CVE-2022-22675 |
macOS | Apple macOS Out-of-Bounds Read Vulnerability | 4/4/22 | macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. | Apply updates per vendor instructions. | 4/25/22 | CVE-2022-22674 |
Webkit | Apple Webkit Remote Code Execution Vulnerability | 2/11/22 | Apple Webkit, which impacts iOS, iPadOS, and macOS, contains a vulnerability which allows for remote code execution. | Apply updates per vendor instructions. | 2/25/22 | CVE-2022-22620 |
OS X | Apple OS X Authentication Bypass Vulnerability | 2/10/22 | The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. | Apply updates per vendor instructions. | 8/10/22 | CVE-2015-1130 |
OS X | Apple OS X Heap-Based Buffer Overflow Vulnerability | 2/10/22 | Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context. | Apply updates per vendor instructions. | 8/10/22 | CVE-2014-4404 |
iOS and macOS | Apple Memory Corruption Vulnerability | 1/28/22 | Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges. | Apply updates per vendor instructions. | 2/11/22 | CVE-2022-22587 |
iOS and iPadOS | Apple 11-13.5 XNU Kernel Vulnerability | 11/3/21 | A memory consumption issue was addressed with improved memory handling. An application may be able to execute arbitrary code with kernel privileges. | Apply updates per vendor instructions. | 5/3/22 | CVE-2020-9859 |