Apple Software and Device Maker
Products by Apple Sorted by Most Security Vulnerabilities since 2018
Recent Apple Security Advisories
Advisory | Title | Published |
---|---|---|
122283 | macOS Sequoia 15.3.2 - Apple Security Content | March 11, 2025 |
122285 | Safari 18.3.1 - Apple Security Content | March 11, 2025 |
122281 | iOS 18.3.2 and iPadOS 18.3.2 - Apple Security Content | March 11, 2025 |
122284 | visionOS 2.3.2 - Apple Security Content | March 11, 2025 |
122173 | iPadOS 17.7.5 - Apple Security Content | February 10, 2025 |
122174 | iOS 18.3.1 and iPadOS 18.3.1 - Apple Security Content | February 10, 2025 |
121866 | GarageBand 10.4.12 - Apple Security Content | January 30, 2025 |
122074 | Safari 18.3 - Apple Security Content | January 27, 2025 |
122069 | macOS Sonoma 14.7.3 - Apple Security Content | January 27, 2025 |
122073 | visionOS 2.3 - Apple Security Content | January 27, 2025 |
Known Exploited Apple Vulnerabilities
The following Apple vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Apple Multiple Products Arbitrary Read and Write Vulnerability | Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication. CVE-2025-31201 | April 17, 2025 |
Apple Multiple Products Memory Corruption Vulnerability | Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file. CVE-2025-31200 | April 17, 2025 |
Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability | Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. CVE-2025-24201 Exploit Probability: 0.1% | March 13, 2025 |
Apple iOS and iPadOS Incorrect Authorization Vulnerability | Apple iOS and iPadOS contain an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device. CVE-2025-24200 Exploit Probability: 24.3% | February 12, 2025 |
Apple Multiple Products Use-After-Free Vulnerability | Apple iOS, macOS, and other Apple products contain a use-after-free vulnerability that could allow a malicious application to elevate privileges. CVE-2025-24085 Exploit Probability: 6.1% | January 29, 2025 |
Apple Multiple Products Code Execution Vulnerability | Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution. CVE-2024-44308 Exploit Probability: 0.5% | November 21, 2024 |
Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability | Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack. CVE-2024-44309 Exploit Probability: 0.4% | November 21, 2024 |
Apple iOS and iPadOS Memory Corruption Vulnerability | Apple iOS and iPadOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. CVE-2024-23225 Exploit Probability: 0.0% | March 6, 2024 |
Apple iOS and iPadOS Memory Corruption Vulnerability | Apple iOS and iPadOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. CVE-2024-23296 Exploit Probability: 0.1% | March 6, 2024 |
Apple Multiple Products Improper Authentication Vulnerability | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an improper authentication vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication. CVE-2022-48618 Exploit Probability: 0.2% | January 31, 2024 |
Apple Multiple Products Type Confusion Vulnerability | Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. CVE-2024-23222 Exploit Probability: 0.1% | January 23, 2024 |
Apple Multiple Products Code Execution Vulnerability | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file. CVE-2023-41990 Exploit Probability: 4.1% | January 8, 2024 |
Apple Multiple Products WebKit Memory Corruption Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. CVE-2023-42917 Exploit Probability: 0.0% | December 4, 2023 |
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing web content. CVE-2023-42916 Exploit Probability: 0.0% | December 4, 2023 |
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability | Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. CVE-2023-42824 Exploit Probability: 0.5% | October 5, 2023 |
Apple Multiple Products Improper Certificate Validation Vulnerability | Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. CVE-2023-41991 Exploit Probability: 6.2% | September 25, 2023 |
Apple Multiple Products WebKit Code Execution Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. CVE-2023-41993 Exploit Probability: 8.7% | September 25, 2023 |
Apple Multiple Products Kernel Privilege Escalation Vulnerability | Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. CVE-2023-41992 Exploit Probability: 0.4% | September 25, 2023 |
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability | Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061. CVE-2023-41064 Exploit Probability: 92.5% | September 11, 2023 |
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability | Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064. CVE-2023-41061 Exploit Probability: 4.1% | September 11, 2023 |
The vulnerability CVE-2023-41064: Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability is in the top 1% of the currently known exploitable vulnerabilities. The vulnerability CVE-2025-24200: Apple iOS and iPadOS Incorrect Authorization Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
Top 10 Riskiest Apple Vulnerabilities
These Apple vulnerabilities are on CISA's Known Exploited Vulnerabilities (KEV) list and are ranked by their current EPSS exploit probability.
Rank | CVE | EPSS | Vulnerability |
---|---|---|---|
1 | CVE-2023-41064 | 92.5% | Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability |
2 | CVE-2023-32434 | 85.3% | Apple Multiple Products Integer Overflow Vulnerability |
3 | CVE-2016-4655 | 82.5% | Apple iOS Information Disclosure Vulnerability |
4 | CVE-2016-4657 | 79.2% | Apple iOS Webkit Memory Corruption Vulnerability |
5 | CVE-2021-30657 | 75.5% | Apple macOS Policy Subsystem Gatekeeper Bypass |
6 | CVE-2016-4656 | 68.3% | Apple iOS Memory Corruption Vulnerability |
7 | CVE-2021-30860 | 64.3% | Apple iOS "FORCEDENTRY" Remote Code Execution Vulnerability |
8 | CVE-2014-4404 | 52.9% | Apple OS X Heap-Based Buffer Overflow Vulnerability |
9 | CVE-2020-27930 | 43.0% | Apple iOS and macOS FontParser Remote Code Execution Vulnerability |
10 | CVE-2020-27950 | 36.7% | Apple iOS and macOS Kernel Memory Initialization Vulnerability |
By the Year
In 2025 there have been 262 vulnerabilities in Apple with an average score of 6.1 out of ten. Last year, in 2024, Apple had 614 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Apple in 2025 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.06.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 262 | 6.10 |
2024 | 614 | 6.04 |
2023 | 506 | 6.58 |
2022 | 462 | 7.09 |
2021 | 603 | 6.99 |
2020 | 385 | 6.95 |
2019 | 548 | 7.41 |
2018 | 184 | 7.36 |
It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apple Security Vulnerabilities
This issue was addressed with improved permissions checking
CVE-2025-31184
- March 31, 2025
This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized access to Local Network.
The issue was addressed with improved memory handling
CVE-2025-24243
- March 31, 2025
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted file may lead to arbitrary code execution.
This issue was addressed with improved handling of symlinks
CVE-2025-24242
- March 31, 2025
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app with root privileges may be able to access private information.
A configuration issue was addressed with additional restrictions
CVE-2025-24241
- March 31, 2025
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to trick a user into copying sensitive data to the pasteboard.
A race condition was addressed with additional validation
CVE-2025-24240
- March 31, 2025
A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.
A downgrade issue was addressed with additional code-signing restrictions
CVE-2025-24239
- March 31, 2025
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
A logic issue was addressed with improved checks
CVE-2025-24238
- March 31, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain elevated privileges.
A buffer overflow was addressed with improved bounds checking
CVE-2025-24237
- March 31, 2025
A buffer overflow was addressed with improved bounds checking. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination.
An access issue was addressed with additional sandbox restrictions
CVE-2025-24236
- March 31, 2025
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
An authentication issue was addressed with improved state management
CVE-2025-31194
- March 31, 2025
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A Shortcut may run with admin privileges without authentication.
This issue was addressed through improved state management
CVE-2025-31191
- March 31, 2025
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
This issue was addressed by removing the vulnerable code
CVE-2025-31187
- March 31, 2025
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.
The issue was addressed with improved restriction of data container access
CVE-2025-31183
- March 31, 2025
The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
This issue was addressed with improved handling of symlinks
CVE-2025-31182
- March 31, 2025
This issue was addressed with improved handling of symlinks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to delete files for which it does not have permission.
A validation issue was addressed with improved logic
CVE-2025-30471
- March 31, 2025
A validation issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote user may be able to cause a denial-of-service.
A path handling issue was addressed with improved logic
CVE-2025-30470
- March 31, 2025
A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to read sensitive location information.
This issue was addressed through improved state management
CVE-2025-30469
- March 31, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen.
The issue was addressed with improved checks
CVE-2025-30467
- March 31, 2025
The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a malicious website may lead to address bar spoofing.
A permissions issue was addressed with improved validation
CVE-2025-30465
- March 31, 2025
A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2025-30464
- March 31, 2025
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory.
The issue was addressed with improved restriction of data container access
CVE-2025-30463
- March 31, 2025
The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
A library injection issue was addressed with additional restrictions
CVE-2025-30462
- March 31, 2025
A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Apps that appear to use App Sandbox may be able to launch without restrictions.
An access issue was addressed with additional sandbox restrictions on the system pasteboards
CVE-2025-30461
- March 31, 2025
An access issue was addressed with additional sandbox restrictions on the system pasteboards. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
A permissions issue was addressed by removing vulnerable code and adding additional checks
CVE-2025-30460
- March 31, 2025
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
A permissions issue was addressed with additional restrictions
CVE-2025-30458
- March 31, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read files outside of its sandbox.
This issue was addressed with improved validation of symlinks
CVE-2025-30457
- March 31, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to create symlinks to protected regions of the disk.
A parsing issue in the handling of directory paths was addressed with improved path validation
CVE-2025-30456
- March 31, 2025
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges.
This issue was addressed with improved redaction of sensitive information
CVE-2025-30451
- March 31, 2025
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
This issue was addressed through improved state management
CVE-2025-30441
- March 31, 2025
This issue was addressed through improved state management. This issue is fixed in Xcode 16.3. An app may be able to overwrite arbitrary files.
The issue was addressed with improved bounds checks
CVE-2025-30437
- March 31, 2025
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory.
This issue was addressed with improved redaction of sensitive information
CVE-2025-30435
- March 31, 2025
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.4. A sandboxed app may be able to access sensitive user data in system logs.
A library injection issue was addressed with additional restrictions
CVE-2025-24282
- March 31, 2025
A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to modify protected parts of the file system.
This issue was addressed with improved data protection
CVE-2025-24281
- March 31, 2025
This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
An access issue was addressed with additional sandbox restrictions
CVE-2025-24280
- March 31, 2025
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.
This issue was addressed with improved validation of symlinks
CVE-2025-24278
- March 31, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
A parsing issue in the handling of directory paths was addressed with improved path validation
CVE-2025-24277
- March 31, 2025
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges.
The issue was addressed with improved memory handling
CVE-2025-24269
- March 31, 2025
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to cause unexpected system termination.
A permissions issue was addressed with additional restrictions
CVE-2025-24267
- March 31, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges.
A buffer overflow was addressed with improved bounds checking
CVE-2025-24266
- March 31, 2025
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination.
An out-of-bounds read was addressed with improved bounds checking
CVE-2025-24265
- March 31, 2025
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination.
The issue was addressed with improved memory handling
CVE-2025-24264
- March 31, 2025
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
A privacy issue was addressed by moving sensitive data to a protected location
CVE-2025-24263
- March 31, 2025
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2025-24262
- March 31, 2025
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. A sandboxed app may be able to access sensitive user data in system logs.
A permissions issue was addressed with additional restrictions
CVE-2025-24248
- March 31, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to enumerate devices that have signed into the user's Apple Account.
This issue was addressed by adding a delay between verification code attempts
CVE-2025-24245
- March 31, 2025
This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user's saved passwords.
The issue was addressed with improved checks
CVE-2025-24226
- March 31, 2025
The issue was addressed with improved checks. This issue is fixed in Xcode 16.3. A malicious app may be able to access private information.
The issue was addressed with improved checks
CVE-2025-24204
- March 31, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
The issue was addressed with improved validation of environment variables
CVE-2025-24191
- March 31, 2025
The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.4. An app may be able to modify protected parts of the file system.
This issue was addressed through improved state management
CVE-2025-24178
- March 31, 2025
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.
This issue was addressed with additional entitlement checks
CVE-2025-24173
- March 31, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.
A permissions issue was addressed with additional sandbox restrictions
CVE-2025-24172
- March 31, 2025
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. "Block All Remote Content" may not apply for all mail previews.
A logic issue was addressed with improved file handling
CVE-2025-24170
- March 31, 2025
A logic issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An app may be able to gain root privileges.
This issue was addressed through improved state management
CVE-2025-24167
- March 31, 2025
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A download's origin may be incorrectly associated.
A logic issue was addressed with improved checks
CVE-2025-24164
- March 31, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.
A buffer overflow issue was addressed with improved memory handling
CVE-2025-24157
- March 31, 2025
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory.
This issue was addressed with improved handling of executable types
CVE-2025-24148
- March 31, 2025
This issue was addressed with improved handling of executable types. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious JAR file may bypass Gatekeeper checks.
A permissions issue was addressed with additional restrictions
CVE-2025-24097
- March 31, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to read arbitrary file metadata.
A permissions issue was addressed with additional sandbox restrictions
CVE-2024-54533
- March 31, 2025
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
The issue was addressed with improved handling of protocols
CVE-2024-40864
- March 31, 2025
The issue was addressed with improved handling of protocols. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An attacker in a privileged network position can track a user's activity.
The issue was addressed with improved checks
CVE-2025-31192
- March 31, 2025
The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.
The issue was addressed with improved checks
CVE-2025-30455
- March 31, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access private information.
A path handling issue was addressed with improved validation
CVE-2025-30454
- March 31, 2025
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. A malicious app may be able to access private information.
The issue was addressed with improved checks
CVE-2025-30452
- March 31, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An input validation issue was addressed.
This issue was addressed with improved validation of symlinks
CVE-2025-30450
- March 31, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
A permissions issue was addressed with additional restrictions
CVE-2025-30449
- March 31, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges.
The issue was resolved by sanitizing logging
CVE-2025-30447
- March 31, 2025
The issue was resolved by sanitizing logging. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
A permissions issue was addressed with additional restrictions
CVE-2025-30446
- March 31, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app with root privileges may be able to modify the contents of system files.
A race condition was addressed with improved locking
CVE-2025-30444
- March 31, 2025
A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Mounting a maliciously crafted SMB network share may lead to system termination.
A privacy issue was addressed by removing the vulnerable code
CVE-2025-30443
- March 31, 2025
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.
A use-after-free issue was addressed with improved memory management
CVE-2025-30427
- March 31, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
A permissions issue was addressed with additional restrictions
CVE-2025-24207
- March 31, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to enable iCloud storage features without user consent.
An authorization issue was addressed with improved state management
CVE-2025-24205
- March 31, 2025
An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.
The issue was addressed with improved checks
CVE-2025-24203
- March 31, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.
A logging issue was addressed with improved data redaction
CVE-2025-24202
- March 31, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
An uncontrolled format string issue was addressed with improved input validation
CVE-2025-24199
- March 31, 2025
An uncontrolled format string issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause a denial-of-service.
This issue was addressed by restricting options offered on a locked device
CVE-2025-24198
- March 31, 2025
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access may be able to use Siri to access sensitive user data.
A type confusion issue was addressed with improved memory handling
CVE-2025-24196
- March 31, 2025
A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with user privileges may be able to read kernel memory.
An integer overflow was addressed with improved input validation
CVE-2025-24195
- March 31, 2025
An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A user may be able to elevate privileges.
A logic issue was addressed with improved checks
CVE-2025-24194
- March 31, 2025
A logic issue was addressed with improved checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may result in the disclosure of process memory.
This issue was addressed with improved authentication
CVE-2025-24193
- March 31, 2025
This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker with a USB-C connection to an unlocked device may be able to programmatically access photos.
A script imports issue was addressed with improved isolation
CVE-2025-24192
- March 31, 2025
A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a website may leak sensitive data.
The issue was addressed with improved input sanitization
CVE-2025-30434
- March 31, 2025
The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.4 and iPadOS 18.4. Processing a maliciously crafted file may lead to a cross-site scripting attack.
This issue was addressed with improved access restrictions
CVE-2025-30433
- March 31, 2025
This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.
A logic issue was addressed with improved state management
CVE-2025-30432
- March 31, 2025
A logic issue was addressed with improved state management. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sonoma 14.7.5. A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures.
This issue was addressed through improved state management
CVE-2025-30430
- March 31, 2025
This issue was addressed through improved state management. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Password autofill may fill in passwords after failing authentication.
A path handling issue was addressed with improved validation
CVE-2025-30429
- March 31, 2025
A path handling issue was addressed with improved validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.
This issue was addressed through improved state management
CVE-2025-30428
- March 31, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Photos in the Hidden Photos Album may be viewed without authentication.
This issue was addressed through improved state management
CVE-2025-24232
- March 31, 2025
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access arbitrary files.
A race condition was addressed with additional validation
CVE-2025-31188
- March 31, 2025
A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to bypass Privacy preferences.
This issue was addressed with improved file handling
CVE-2025-24279
- March 31, 2025
This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access contacts.
The issue was addressed with improved input validation
CVE-2025-24180
- March 31, 2025
The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix.
A permissions issue was addressed with additional restrictions
CVE-2025-24181
- March 31, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
An out-of-bounds read issue was addressed with improved input validation
CVE-2025-24182
- March 31, 2025
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. Processing a maliciously crafted font may result in the disclosure of process memory.
The issue was addressed with improved memory handling
CVE-2025-24190
- March 31, 2025
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.
An out-of-bounds read issue was addressed with improved input validation
CVE-2025-24230
- March 31, 2025
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Playing a malicious audio file may lead to an unexpected app termination.
The issue was addressed with improved checks
CVE-2025-24231
- March 31, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.
This issue was addressed through improved state management
CVE-2025-30425
- March 31, 2025
This issue was addressed through improved state management. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to track users in Safari private browsing mode.
A logging issue was addressed with improved data redaction
CVE-2025-30424
- March 31, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Deleting a conversation in Messages may expose user contact information in system logging.
A logging issue was addressed with improved data redaction
CVE-2025-24283
- March 31, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
This issue was addressed with additional entitlement checks
CVE-2025-30426
- March 31, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to enumerate a user's installed apps.