Apple Software and Device Maker
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Apple product.
RSS Feeds for Apple security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Apple products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Apple Sorted by Most Security Vulnerabilities since 2018
Recent Apple Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 122403 | AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, and CarPlay Communication Plug-in R18.1 Updates - Apple Security Content | May 15, 2025 |
| 122718 | macOS Ventura 13.7.6 - Apple Security Content | May 12, 2025 |
| 122717 | macOS Sonoma 14.7.6 - Apple Security Content | May 12, 2025 |
| 122720 | tvOS 18.5 - Apple Security Content | May 12, 2025 |
| 122404 | iOS 18.5 and iPadOS 18.5 - Apple Security Content | May 12, 2025 |
| 122722 | watchOS 11.5 - Apple Security Content | May 12, 2025 |
| 122721 | visionOS 2.5 - Apple Security Content | May 12, 2025 |
| 122716 | macOS Sequoia 15.5 - Apple Security Content | May 12, 2025 |
| 122719 | Safari 18.5 - Apple Security Content | May 12, 2025 |
| 122405 | iPadOS 17.7.7 - Apple Security Content | May 12, 2025 |
Known Exploited Apple Vulnerabilities
The following Apple vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Apple Multiple Products Unspecified Vulnerability |
Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link. CVE-2025-43200 Exploit Probability: 0.7% |
June 16, 2025 |
| Apple Multiple Products Arbitrary Read and Write Vulnerability |
Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication. CVE-2025-31201 Exploit Probability: 0.3% |
April 17, 2025 |
| Apple Multiple Products Memory Corruption Vulnerability |
Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file. CVE-2025-31200 Exploit Probability: 0.3% |
April 17, 2025 |
| Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability |
Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. CVE-2025-24201 Exploit Probability: 0.0% |
March 13, 2025 |
| Apple iOS and iPadOS Incorrect Authorization Vulnerability |
Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device. CVE-2025-24200 Exploit Probability: 39.5% |
February 12, 2025 |
| Apple Multiple Products Use-After-Free Vulnerability |
Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges. CVE-2025-24085 Exploit Probability: 9.2% |
January 29, 2025 |
| Apple Multiple Products Code Execution Vulnerability |
Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution. CVE-2024-44308 Exploit Probability: 0.3% |
November 21, 2024 |
| Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability |
Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack. CVE-2024-44309 Exploit Probability: 0.2% |
November 21, 2024 |
| Apple iOS and iPadOS Memory Corruption Vulnerability |
Apple iOS and iPadOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. CVE-2024-23225 Exploit Probability: 0.0% |
March 6, 2024 |
| Apple iOS and iPadOS Memory Corruption Vulnerability |
Apple iOS and iPadOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. CVE-2024-23296 Exploit Probability: 0.1% |
March 6, 2024 |
| Apple Multiple Products Improper Authentication Vulnerability |
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an improper authentication vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication. CVE-2022-48618 Exploit Probability: 0.2% |
January 31, 2024 |
| Apple Multiple Products Type Confusion Vulnerability |
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. CVE-2024-23222 Exploit Probability: 0.2% |
January 23, 2024 |
| Apple Multiple Products Code Execution Vulnerability |
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file. CVE-2023-41990 Exploit Probability: 4.1% |
January 8, 2024 |
| Apple Multiple Products WebKit Memory Corruption Vulnerability |
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. CVE-2023-42917 Exploit Probability: 0.0% |
December 4, 2023 |
| Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability |
Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing web content. CVE-2023-42916 Exploit Probability: 0.0% |
December 4, 2023 |
| Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability |
Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. CVE-2023-42824 Exploit Probability: 0.5% |
October 5, 2023 |
| Apple Multiple Products WebKit Code Execution Vulnerability |
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. CVE-2023-41993 Exploit Probability: 8.7% |
September 25, 2023 |
| Apple Multiple Products Kernel Privilege Escalation Vulnerability |
Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. CVE-2023-41992 Exploit Probability: 0.4% |
September 25, 2023 |
| Apple Multiple Products Improper Certificate Validation Vulnerability |
Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. CVE-2023-41991 Exploit Probability: 6.2% |
September 25, 2023 |
| Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability |
Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061. CVE-2023-41064 Exploit Probability: 92.6% |
September 11, 2023 |
The vulnerability CVE-2023-41064: Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability is in the top 1% of the currently known exploitable vulnerabilities. The vulnerability CVE-2025-24200: Apple iOS and iPadOS Incorrect Authorization Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
Top 10 Riskiest Apple Vulnerabilities
Based on the current exploit probability, these Apple vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2023-41064 | 92.6% | Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability |
| 2 | CVE-2023-32434 | 83.4% | Apple Multiple Products Integer Overflow Vulnerability |
| 3 | CVE-2016-4655 | 82.5% | Apple iOS Information Disclosure Vulnerability |
| 4 | CVE-2016-4657 | 78.2% | Apple iOS Webkit Memory Corruption Vulnerability |
| 5 | CVE-2021-30657 | 75.5% | Apple macOS Policy Subsystem Gatekeeper Bypass |
| 6 | CVE-2021-30860 | 69.4% | Apple iOS "FORCEDENTRY" Remote Code Execution Vulnerability |
| 7 | CVE-2016-4656 | 69.0% | Apple iOS Memory Corruption Vulnerability |
| 8 | CVE-2014-4404 | 53.3% | Apple OS X Heap-Based Buffer Overflow Vulnerability |
| 9 | CVE-2020-27930 | 47.5% | Apple iOS and macOS FontParser Remote Code Execution Vulnerability |
| 10 | CVE-2025-24200 | 39.5% | Apple iOS and iPadOS Incorrect Authorization Vulnerability |
By the Year
In 2025 there have been 371 vulnerabilities in Apple with an average score of 6.1 out of ten. Last year, in 2024 Apple had 616 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Apple in 2025 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.10.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 371 | 6.14 |
| 2024 | 616 | 6.04 |
| 2023 | 506 | 6.58 |
| 2022 | 463 | 7.09 |
| 2021 | 603 | 6.99 |
| 2020 | 385 | 6.95 |
| 2019 | 548 | 7.41 |
| 2018 | 184 | 7.36 |
It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple Security Vulnerabilities
This issue was addressed with improved checks
CVE-2025-43200
- June 16, 2025
This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
This issue was addressed through improved state management
CVE-2025-30466
- May 29, 2025
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. A website may be able to bypass Same Origin Policy.
A file quarantine bypass was addressed with additional checks
CVE-2025-31189
- May 29, 2025
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.
This issue was addressed with improved validation of symlinks
CVE-2025-31198
- May 29, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A path handling issue was addressed with improved validation.
A logging issue was addressed with improved data redaction
CVE-2025-31199
- May 29, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
A permissions issue was addressed with additional restrictions
CVE-2025-31231
- May 29, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read sensitive location information.
A permissions issue was addressed with additional sandbox restrictions
CVE-2025-31261
- May 29, 2025
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
The issue was addressed with improved memory handling
CVE-2025-31263
- May 29, 2025
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory.
An authentication issue was addressed with improved state management
CVE-2025-31264
- May 29, 2025
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.
The issue was addressed with improved checks
CVE-2025-24183
- May 19, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A local user may be able to modify protected parts of the file system.
The issue was addressed with improved memory handling
CVE-2025-24184
- May 19, 2025
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to cause unexpected system termination.
The issue was addressed with improved checks
CVE-2025-24189
- May 19, 2025
The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to memory corruption.
A logic issue was addressed with improved checks
CVE-2025-31185
- May 19, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication.
A permissions issue was addressed with additional restrictions
CVE-2025-31262
- May 19, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to modify protected parts of the file system.
The issue was addressed with improved checks
CVE-2025-31205
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin.
The issue was addressed with improved input sanitization
CVE-2025-31251
- May 12, 2025
The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
This issue was addressed through improved state management
CVE-2025-31214
- May 12, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic.
A privacy issue was addressed by removing sensitive data
CVE-2025-31225
- May 12, 2025
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps may still appear in spotlight search results.
This issue was addressed through improved state management
CVE-2025-31212
- May 12, 2025
This issue was addressed through improved state management. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. An app may be able to access sensitive user data.
The issue was addressed with improved checks
CVE-2025-31208
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.
An out-of-bounds read was addressed with improved bounds checking
CVE-2025-31209
- May 12, 2025
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to disclosure of user information.
A use-after-free issue was addressed with improved memory management
CVE-2025-31239
- May 12, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.
The issue was addressed with improved input sanitization
CVE-2025-31233
- May 12, 2025
The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.
This issue was addressed through improved state management
CVE-2025-31253
- May 12, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio being silenced.
The issue was addressed with improved UI
CVE-2025-31210
- May 12, 2025
The issue was addressed with improved UI. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing web content may lead to a denial-of-service.
A logic issue was addressed with improved checks
CVE-2025-31207
- May 12, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps.
This issue was addressed with additional entitlement checks
CVE-2025-30448
- May 12, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia 15.4. An attacker may be able to turn on sharing of an iCloud folder without authentication.
A logic issue was addressed with improved checks
CVE-2025-31226
- May 12, 2025
A logic issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. Processing a maliciously crafted image may lead to a denial-of-service.
The issue was addressed with improved memory handling
CVE-2025-31219
- May 12, 2025
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
A double free issue was addressed with improved memory management
CVE-2025-31241
- May 12, 2025
A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination.
An injection issue was addressed with improved input validation
CVE-2025-24225
- May 12, 2025
An injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing an email may lead to user interface spoofing.
A correctness issue was addressed with improved checks
CVE-2025-31222
- May 12, 2025
A correctness issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A user may be able to elevate privileges.
The issue was addressed with improved authentication
CVE-2025-31228
- May 12, 2025
The issue was addressed with improved authentication. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access notes from the lock screen.
A logic issue was addressed with improved checks
CVE-2025-31227
- May 12, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access a deleted call recording.
The issue was addressed with improved checks
CVE-2025-31245
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination.
The issue was addressed with improved input sanitization
CVE-2025-31234
- May 12, 2025
The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
An integer overflow was addressed with improved input validation
CVE-2025-31221
- May 12, 2025
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may be able to leak memory.
The issue was addressed with improved checks
CVE-2025-31223
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
The issue was addressed with improved checks
CVE-2025-31238
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
The issue was addressed with improved memory handling
CVE-2025-24223
- May 12, 2025
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
The issue was addressed with improved memory handling
CVE-2025-31204
- May 12, 2025
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
The issue was addressed with improved input validation
CVE-2025-31217
- May 12, 2025
The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
The issue was addressed with improved checks
CVE-2025-31215
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected process crash.
A type confusion issue was addressed with improved state handling
CVE-2025-31206
- May 12, 2025
A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
This issue was addressed with improved memory handling
CVE-2025-31257
- May 12, 2025
This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
A double free issue was addressed with improved memory management
CVE-2025-31235
- May 12, 2025
A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to cause unexpected system termination.
A logic issue was addressed with improved checks
CVE-2025-31224
- May 12, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to bypass certain Privacy preferences.
This issue was addressed by removing the vulnerable code
CVE-2025-31258
- May 12, 2025
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
A logic issue was addressed with improved checks
CVE-2025-31249
- May 12, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
A file quarantine bypass was addressed with additional checks
CVE-2025-31244
- May 12, 2025
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.