Apple

Apple Software and Device Maker

Products by Apple Sorted by Most Security Vulnerabilities since 2018

Apple Mac OSX: 2234 vulnerabilities
Macintosh Operating System

Apple iOS: 1774 vulnerabilities
The iOS Operating System used by iPhones.

Apple iPad OS: 1143 vulnerabilities
Apple iPad Operating System

Apple TV OS: 1089 vulnerabilities
Apple TV Operating System

Apple Watch OS: 1053 vulnerabilities
Apple Watch Operating System

Apple Safari: 466 vulnerabilities

Apple iPad OS: 353 vulnerabilities
Apple iPad Operating System

Apple iTunes: 229 vulnerabilities
Apple iTunes Software

Apple iCloud: 195 vulnerabilities

Apple Xcode: 44 vulnerabilities

Apple Visionos: 24 vulnerabilities

Apple Swift: 12 vulnerabilities

Apple Music: 7 vulnerabilities

Apple Garageband: 3 vulnerabilities

Apple Logic Pro X: 2 vulnerabilities

Apple Shortcuts: 2 vulnerabilities

Apple Files: 2 vulnerabilities

Apple Swift Nio Extras: 1 vulnerability

Apple Swift Foundation: 1 vulnerability

Apple Texture: 1 vulnerability

Apple Webobjects: 1 vulnerability

Apple Shazam: 1 vulnerability

Apple Mail: 1 vulnerability

Apple Remote Desktop: 1 vulnerability

Apple Quicktime: 1 vulnerability

Apple Airpods Firmware: 1 vulnerability

Apple Macos Server: 1 vulnerability

Apple Ipod Touch: 1 vulnerability

Apple Imovie: 1 vulnerability

Apple Imessage: 1 vulnerability

Apple Boot Camp: 1 vulnerability

Appleshare: 1 vulnerability

Recent Apple Security Advisories

Advisory | Title | Published
HT214111 | AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 Security Content | June 25, 2024
HT214108 | visionOS 1.2 Security Content | June 10, 2024
HT214101 | iOS 17.5 and iPadOS 17.5 Security Content | May 13, 2024
HT214105 | macOS Monterey 12.7.5 Security Content | May 13, 2024
HT214104 | watchOS 10.5 Security Content | May 13, 2024
HT214103 | Safari 17.5 Security Content | May 13, 2024
HT214102 | tvOS 17.5 Security Content | May 13, 2024
HT214106 | macOS Sonoma 14.5 Security Content | May 13, 2024
HT214107 | macOS Ventura 13.6.7 Security Content | May 13, 2024
HT214100 | iOS 16.7.8 and iPadOS 16.7.8 Security Content | May 13, 2024

Known Exploited Apple Vulnerabilities

The following Apple vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title | Description | CVE | Added
Apple iOS and iPadOS Memory Corruption Vulnerability | Apple iOS and iPadOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. | CVE-2024-23225 | March 6, 2024
Apple iOS and iPadOS Memory Corruption Vulnerability | Apple iOS and iPadOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. | CVE-2024-23296 | March 6, 2024
Apple Multiple Products Improper Authentication Vulnerability | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an improper authentication vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication. | CVE-2022-48618 | January 31, 2024
Apple Multiple Products Type Confusion Vulnerability | Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. | CVE-2024-23222 | January 23, 2024
Apple Multiple Products Code Execution Vulnerability | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file. | CVE-2023-41990 | January 8, 2024
Apple Multiple Products WebKit Memory Corruption Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. | CVE-2023-42917 | December 4, 2023
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing web content. | CVE-2023-42916 | December 4, 2023
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability | Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. | CVE-2023-42824 | October 5, 2023
Apple Multiple Products Improper Certificate Validation Vulnerability | Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. | CVE-2023-41991 | September 25, 2023
Apple Multiple Products WebKit Code Execution Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. | CVE-2023-41993 | September 25, 2023
Apple Multiple Products Kernel Privilege Escalation Vulnerability | Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. | CVE-2023-41992 | September 25, 2023
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability | Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064. | CVE-2023-41061 | September 11, 2023
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability | Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061. | CVE-2023-41064 | September 11, 2023
Apple Multiple Products Kernel Unspecified Vulnerability | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify sensitive kernel state. | CVE-2023-38606 | July 26, 2023
Apple Multiple Products WebKit Code Execution Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. | CVE-2023-37450 | July 13, 2023
Apple iOS and iPadOS WebKit Memory Corruption Vulnerability | Apple iOS and iPadOS WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. | CVE-2023-32435 | June 23, 2023
Apple Multiple Products Integer Overflow Vulnerability | Apple iOS, iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. | CVE-2023-32434 | June 23, 2023
Apple Multiple Products WebKit Type Confusion Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. | CVE-2023-32439 | June 23, 2023
Apple macOS Use-After-Free Vulnerability | Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. | CVE-2019-8526 | April 17, 2023
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability | Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. | CVE-2023-28206 | April 10, 2023

By the Year

In 2024 there have been 240 vulnerabilities in Apple products with an average score of 6.4 out of ten. Last year Apple had 504 security vulnerabilities published. Right now, Apple is on track to have fewer security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.19.

Year | Vulnerabilities | Average Score
2024 | 240 | 6.39
2023 | 504 | 6.58
2022 | 462 | 7.09
2021 | 603 | 6.99
2020 | 385 | 6.95
2019 | 548 | 7.41
2018 | 184 | 7.36

It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Apple Security Vulnerabilities

An authentication issue was addressed with improved state management

CVE-2024-27867 - June 26, 2024

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.

A privacy issue was addressed with improved handling of temporary files

CVE-2024-27845 3.3 - Low - June 10, 2024

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.5 and iPadOS 17.5. An app may be able to access Notes attachments.

This issue was addressed with improved permissions checking

CVE-2024-27848 7.8 - High - June 10, 2024

This issue was addressed with improved permissions checking. This issue is fixed in macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. A malicious app may be able to gain root privileges.

AuthZ

The issue was addressed with improved checks

CVE-2024-27855 8.8 - High - June 10, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A shortcut may be able to use sensitive data with certain actions without prompting the user.

This issue was addressed with improved validation of symlinks

CVE-2024-27885 6.3 - Medium - June 10, 2024

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5. An app may be able to modify protected parts of the file system.

insecure temporary file

This issue was addressed with additional entitlement checks

CVE-2024-27799 3.3 - Low - June 10, 2024

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode.

An issue was addressed with improved validation of environment variables

CVE-2024-27805 5.5 - Medium - June 10, 2024

An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data.

This issue was addressed with improved environment sanitization

CVE-2024-27806 5.5 - Medium - June 10, 2024

This issue was addressed with improved environment sanitization. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data.

The issue was addressed with improved checks

CVE-2024-27807 4.3 - Medium - June 10, 2024

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An app may be able to circumvent App Privacy Report logging.

This issue was addressed through improved state management

CVE-2024-27814 2.4 - Low - June 10, 2024

This issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A person with physical access to a device may be able to view contact information from the lock screen.

The issue was addressed by restricting options offered on a locked device

CVE-2024-27819 2.4 - Low - June 10, 2024

The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to access contacts from the lock screen.

An authentication issue was addressed with improved state management

CVE-2024-23251 4.6 - Medium - June 10, 2024

An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An attacker with physical access may be able to leak Mail account credentials.

The issue was addressed with improved checks

CVE-2024-23282 5.5 - Medium - June 10, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user authorization.

The issue was addressed with improved memory handling

CVE-2024-27820 8.8 - High - June 10, 2024

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.

This issue was addressed through improved state management

CVE-2024-27830 6.5 - Medium - June 10, 2024

This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.

The issue was addressed with improved bounds checks

CVE-2024-27851 8.8 - High - June 10, 2024

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.

Buffer Overflow

An integer overflow was addressed with improved input validation

CVE-2024-27833 8.8 - High - June 10, 2024

An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution.

Integer Overflow or Wraparound

This issue was addressed with improvements to the noise injection algorithm

CVE-2024-27850 6.5 - Medium - June 10, 2024

This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user.

The issue was addressed with improvements to the file handling protocol

CVE-2024-27812 6.5 - Medium - June 10, 2024

The issue was addressed with improvements to the file handling protocol. This issue is fixed in visionOS 1.2. Processing web content may lead to a denial-of-service.

The issue was addressed with improved memory handling

CVE-2024-27808 8.8 - High - June 10, 2024

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.

The issue was addressed by adding additional logic

CVE-2024-27838 6.5 - Medium - June 10, 2024

The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.

The issue was addressed with improved checks

CVE-2024-27844 5.5 - Medium - June 10, 2024

The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5. A website's permission dialog may persist after navigation away from the site.

An out-of-bounds access issue was addressed with improved bounds checking

CVE-2024-27857 7.8 - High - June 10, 2024

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.

Buffer Overflow

An out-of-bounds read was addressed with improved input validation

CVE-2024-27802 7.8 - High - June 10, 2024

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

Out-of-bounds Read

This issue was addressed by removing the vulnerable code

CVE-2024-27800 6.5 - Medium - June 10, 2024

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing a maliciously crafted message may lead to a denial-of-service.

The issue was addressed with improved checks

CVE-2024-27811 7.8 - High - June 10, 2024

The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.

An out-of-bounds write issue was addressed with improved input validation

CVE-2024-27815 7.8 - High - June 10, 2024

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.

Memory Corruption

The issue was addressed with improved memory handling

CVE-2024-27840 6.3 - Medium - June 10, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections.

The issue was addressed with improved memory handling

CVE-2024-27828 7.8 - High - June 10, 2024

The issue was addressed with improved memory handling. This issue is fixed in visionOS 1.2, watchOS 10.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved checks

CVE-2024-27836 7.8 - High - June 10, 2024

The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. Processing a maliciously crafted image may lead to arbitrary code execution.

The issue was addressed with improved checks

CVE-2024-27801 7.8 - High - June 10, 2024

The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.

The issue was addressed with improved checks

CVE-2024-27832 7.8 - High - June 10, 2024

The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.

An out-of-bounds write issue was addressed with improved input validation

CVE-2024-27831 7.8 - High - June 10, 2024

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution.

Memory Corruption

The issue was addressed with improved checks

CVE-2024-27817 7.8 - High - June 10, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.

A memory corruption issue was addressed with improved validation

CVE-2022-32897 7.8 - High - June 10, 2024

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution.

Memory Corruption

An information disclosure issue was addressed by removing the vulnerable code

CVE-2022-32933 5.3 - Medium - June 10, 2024

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode.

An out-of-bounds read was addressed with improved bounds checking

CVE-2022-48578 7.1 - High - June 10, 2024

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5. Processing an AppleScript may result in unexpected termination or disclosure of process memory.

Out-of-bounds Read

An access issue was addressed with additional sandbox restrictions

CVE-2022-48683 7.8 - High - June 10, 2024

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13. An app may be able to break out of its sandbox.

The issue was addressed with improved restriction of data container access

CVE-2023-40389 5.5 - Medium - June 10, 2024

The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to access sensitive user data.

The issue was addressed with improved checks

CVE-2024-23299 8.6 - High - June 10, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to break out of its sandbox.

This issue was addressed by adding an additional prompt for user consent

CVE-2024-27792 5.5 - Medium - June 10, 2024

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.

The issue was addressed with improved memory handling

CVE-2024-27818 - May 14, 2024

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution.

The issue was addressed with improved checks

CVE-2024-27793 - May 14, 2024

The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a file may lead to an unexpected app termination or arbitrary code execution.

The issue was addressed with improved memory handling

CVE-2024-27804 - May 14, 2024

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.

A logic issue was addressed with improved checks

CVE-2024-27816 - May 14, 2024

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker may be able to access user data.

The issue was addressed with improved memory handling

CVE-2024-27841 - May 14, 2024

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory.

A privacy issue was addressed by moving sensitive data to a more secure location

CVE-2024-27839 - May 14, 2024

A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location.

A path handling issue was addressed with improved validation

CVE-2024-27810 - May 14, 2024

A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to read sensitive location information.

A privacy issue was addressed with improved client ID handling for alternative app marketplaces

CVE-2024-27852 - May 14, 2024

A privacy issue was addressed with improved client ID handling for alternative app marketplaces. This issue is fixed in iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages.

This issue was addressed through improved state management

CVE-2024-27835 - May 14, 2024

This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen.

A permissions issue was addressed with improved validation

CVE-2024-27803 - May 14, 2024

A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen.

A path handling issue was addressed with improved validation

CVE-2024-27821 - May 14, 2024

A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut may output sensitive user data without consent.

This issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5

CVE-2024-27847 - May 14, 2024

This issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to bypass Privacy preferences.

The issue was addressed with improved checks

CVE-2024-27796 - May 14, 2024

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to elevate privileges.

The issue was addressed with improved checks

CVE-2024-27834 - May 14, 2024

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

A logic issue was addressed with improved checks

CVE-2024-27789 - May 14, 2024

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Ventura 13.6.7, macOS Sonoma 14.4. An app may be able to access user-sensitive data.

A downgrade issue was addressed with additional code-signing restrictions

CVE-2024-27837 - May 14, 2024

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. A local attacker may gain access to Keychain items.

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions

CVE-2024-27825 - May 14, 2024

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to bypass certain Privacy preferences.

The issue was addressed with improved memory handling

CVE-2024-27829 - May 14, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution.

This issue was addressed through improved state management

CVE-2024-27827 - May 14, 2024

This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.5. An app may be able to read arbitrary files.

A logic issue was addressed with improved restrictions

CVE-2024-27822 - May 14, 2024

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to gain root privileges.

The issue was addressed with improved checks

CVE-2024-27813 - May 14, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

A logic issue was addressed with improved checks

CVE-2024-27843 - May 14, 2024

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to elevate privileges.

An authorization issue was addressed with improved state management

CVE-2024-27798 - May 14, 2024

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5. An attacker may be able to elevate privileges.

The issue was addressed with improved checks

CVE-2024-27842 - May 14, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.

This issue was addressed by removing the vulnerable code

CVE-2024-27824 - May 14, 2024

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.5. An app may be able to elevate privileges.

The issue was addressed with improved memory handling

CVE-2024-27804 - May 14, 2024

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.

A logic issue was addressed with improved checks

CVE-2024-27816 - May 14, 2024

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker may be able to access user data.

A path handling issue was addressed with improved validation

CVE-2024-27810 - May 14, 2024

A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to read sensitive location information.

A correctness issue was addressed with improved checks

CVE-2024-23236 - May 14, 2024

A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to read arbitrary files.

This issue was addressed with improved redaction of sensitive information

CVE-2024-23229 - May 14, 2024

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.5, macOS Ventura 13.6.5, macOS Sonoma 14.4. A malicious application may be able to access Find My data.

A use after free issue was addressed with improved memory management

CVE-2023-42950 8.8 - High - March 28, 2024

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.

This issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3

CVE-2023-42962 7.5 - High - March 28, 2024

This issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. A remote attacker may be able to cause a denial-of-service.

The issue was addressed with improved memory handling

CVE-2023-42956 6.5 - Medium - March 28, 2024

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service.

A path handling issue was addressed with improved validation

CVE-2023-42947 8.6 - High - March 28, 2024

A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox.

This issue was addressed with improved redaction of sensitive information

CVE-2023-42936 5.5 - Medium - March 28, 2024

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data.

The issue was addressed with improved checks

CVE-2023-42931 7.8 - High - March 28, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication.

This issue was addressed with improved checks

CVE-2023-42930 5.5 - Medium - March 28, 2024

This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. An app may be able to modify protected parts of the file system.

This issue was addressed through improved state management

CVE-2023-42913 8.8 - High - March 28, 2024

This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions.

An issue was addressed with improved handling of temporary files

CVE-2023-42896 5.5 - Medium - March 28, 2024

An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system.

A use-after-free issue was addressed with improved memory management

CVE-2023-42892 7.8 - High - March 28, 2024

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A local attacker may be able to elevate their privileges.

A permissions issue was addressed by removing vulnerable code and adding additional checks

CVE-2023-42893 5.5 - Medium - March 28, 2024

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).