Apple Software and Device Maker
Products by Apple Sorted by Most Security Vulnerabilities since 2018
Recent Apple Security Advisories
Advisory | Title | Published |
---|---|---|
HT214111 | AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 Security Content | June 25, 2024 |
HT214108 | visionOS 1.2 Security Content | June 10, 2024 |
HT214101 | iOS 17.5 and iPadOS 17.5 Security Content | May 13, 2024 |
HT214105 | macOS Monterey 12.7.5 Security Content | May 13, 2024 |
HT214104 | watchOS 10.5 Security Content | May 13, 2024 |
HT214103 | Safari 17.5 Security Content | May 13, 2024 |
HT214102 | tvOS 17.5 Security Content | May 13, 2024 |
HT214106 | macOS Sonoma 14.5 Security Content | May 13, 2024 |
HT214107 | macOS Ventura 13.6.7 Security Content | May 13, 2024 |
HT214100 | iOS 16.7.8 and iPadOS 16.7.8 Security Content | May 13, 2024 |
Known Exploited Apple Vulnerabilities
The following Apple vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Apple iOS and iPadOS Memory Corruption Vulnerability | Apple iOS and iPadOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. CVE-2024-23225 | March 6, 2024 |
Apple iOS and iPadOS Memory Corruption Vulnerability | Apple iOS and iPadOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. CVE-2024-23296 | March 6, 2024 |
Apple Multiple Products Improper Authentication Vulnerability | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an improper authentication vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication. CVE-2022-48618 | January 31, 2024 |
Apple Multiple Products Type Confusion Vulnerability | Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. CVE-2024-23222 | January 23, 2024 |
Apple Multiple Products Code Execution Vulnerability | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file. CVE-2023-41990 | January 8, 2024 |
Apple Multiple Products WebKit Memory Corruption Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. CVE-2023-42917 | December 4, 2023 |
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing web content. CVE-2023-42916 | December 4, 2023 |
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability | Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. CVE-2023-42824 | October 5, 2023 |
Apple Multiple Products Improper Certificate Validation Vulnerability | Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. CVE-2023-41991 | September 25, 2023 |
Apple Multiple Products WebKit Code Execution Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. CVE-2023-41993 | September 25, 2023 |
Apple Multiple Products Kernel Privilege Escalation Vulnerability | Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. CVE-2023-41992 | September 25, 2023 |
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability | Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064. CVE-2023-41061 | September 11, 2023 |
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability | Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061. CVE-2023-41064 | September 11, 2023 |
Apple Multiple Products Kernel Unspecified Vulnerability | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify sensitive kernel state. CVE-2023-38606 | July 26, 2023 |
Apple Multiple Products WebKit Code Execution Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. CVE-2023-37450 | July 13, 2023 |
Apple iOS and iPadOS WebKit Memory Corruption Vulnerability | Apple iOS and iPadOS WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. CVE-2023-32435 | June 23, 2023 |
Apple Multiple Products Integer Overflow Vulnerability | Apple iOS, iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. CVE-2023-32434 | June 23, 2023 |
Apple Multiple Products WebKit Type Confusion Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. CVE-2023-32439 | June 23, 2023 |
Apple macOS Use-After-Free Vulnerability | Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. CVE-2019-8526 | April 17, 2023 |
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability | Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. CVE-2023-28206 | April 10, 2023 |
By the Year
In 2024 there have been 240 vulnerabilities in Apple with an average score of 6.4 out of ten. Last year Apple had 504 security vulnerabilities published. Right now, Apple is on track to have fewer security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.19.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 240 | 6.39 |
2023 | 504 | 6.58 |
2022 | 462 | 7.09 |
2021 | 603 | 6.99 |
2020 | 385 | 6.95 |
2019 | 548 | 7.41 |
2018 | 184 | 7.36 |
It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apple Security Vulnerabilities
An authentication issue was addressed with improved state management
CVE-2024-27867
- June 26, 2024
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.
A privacy issue was addressed with improved handling of temporary files
CVE-2024-27845
3.3 - Low
- June 10, 2024
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.5 and iPadOS 17.5. An app may be able to access Notes attachments.
This issue was addressed with improved permissions checking
CVE-2024-27848
7.8 - High
- June 10, 2024
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. A malicious app may be able to gain root privileges.
AuthZ
The issue was addressed with improved checks
CVE-2024-27855
8.8 - High
- June 10, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A shortcut may be able to use sensitive data with certain actions without prompting the user.
This issue was addressed with improved validation of symlinks
CVE-2024-27885
6.3 - Medium
- June 10, 2024
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5. An app may be able to modify protected parts of the file system.
insecure temporary file
This issue was addressed with additional entitlement checks
CVE-2024-27799
3.3 - Low
- June 10, 2024
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode.
An issue was addressed with improved validation of environment variables
CVE-2024-27805
5.5 - Medium
- June 10, 2024
An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data.
This issue was addressed with improved environment sanitization
CVE-2024-27806
5.5 - Medium
- June 10, 2024
This issue was addressed with improved environment sanitization. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data.
The issue was addressed with improved checks
CVE-2024-27807
4.3 - Medium
- June 10, 2024
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An app may be able to circumvent App Privacy Report logging.
This issue was addressed through improved state management
CVE-2024-27814
2.4 - Low
- June 10, 2024
This issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A person with physical access to a device may be able to view contact information from the lock screen.
The issue was addressed by restricting options offered on a locked device
CVE-2024-27819
2.4 - Low
- June 10, 2024
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to access contacts from the lock screen.
An authentication issue was addressed with improved state management
CVE-2024-23251
4.6 - Medium
- June 10, 2024
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An attacker with physical access may be able to leak Mail account credentials.
The issue was addressed with improved checks
CVE-2024-23282
5.5 - Medium
- June 10, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user authorization.
The issue was addressed with improved memory handling
CVE-2024-27820
8.8 - High
- June 10, 2024
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.
This issue was addressed through improved state management
CVE-2024-27830
6.5 - Medium
- June 10, 2024
This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.
The issue was addressed with improved bounds checks
CVE-2024-27851
8.8 - High
- June 10, 2024
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.
Buffer Overflow
An integer overflow was addressed with improved input validation
CVE-2024-27833
8.8 - High
- June 10, 2024
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution.
Integer Overflow or Wraparound
This issue was addressed with improvements to the noise injection algorithm
CVE-2024-27850
6.5 - Medium
- June 10, 2024
This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user.
The issue was addressed with improvements to the file handling protocol
CVE-2024-27812
6.5 - Medium
- June 10, 2024
The issue was addressed with improvements to the file handling protocol. This issue is fixed in visionOS 1.2. Processing web content may lead to a denial-of-service.
The issue was addressed with improved memory handling
CVE-2024-27808
8.8 - High
- June 10, 2024
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.
The issue was addressed by adding additional logic
CVE-2024-27838
6.5 - Medium
- June 10, 2024
The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.
The issue was addressed with improved checks
CVE-2024-27844
5.5 - Medium
- June 10, 2024
The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5. A website's permission dialog may persist after navigation away from the site.
An out-of-bounds access issue was addressed with improved bounds checking
CVE-2024-27857
7.8 - High
- June 10, 2024
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.
Buffer Overflow
An out-of-bounds read was addressed with improved input validation
CVE-2024-27802
7.8 - High
- June 10, 2024
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
Out-of-bounds Read
This issue was addressed by removing the vulnerable code
CVE-2024-27800
6.5 - Medium
- June 10, 2024
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing a maliciously crafted message may lead to a denial-of-service.
The issue was addressed with improved checks
CVE-2024-27811
7.8 - High
- June 10, 2024
The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.
An out-of-bounds write issue was addressed with improved input validation
CVE-2024-27815
7.8 - High
- June 10, 2024
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
Memory Corruption
The issue was addressed with improved memory handling
CVE-2024-27840
6.3 - Medium
- June 10, 2024
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections.
The issue was addressed with improved memory handling
CVE-2024-27828
7.8 - High
- June 10, 2024
The issue was addressed with improved memory handling. This issue is fixed in visionOS 1.2, watchOS 10.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved checks
CVE-2024-27836
7.8 - High
- June 10, 2024
The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. Processing a maliciously crafted image may lead to arbitrary code execution.
The issue was addressed with improved checks
CVE-2024-27801
7.8 - High
- June 10, 2024
The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.
The issue was addressed with improved checks
CVE-2024-27832
7.8 - High
- June 10, 2024
The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.
An out-of-bounds write issue was addressed with improved input validation
CVE-2024-27831
7.8 - High
- June 10, 2024
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution.
Memory Corruption
The issue was addressed with improved checks
CVE-2024-27817
7.8 - High
- June 10, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
A memory corruption issue was addressed with improved validation
CVE-2022-32897
7.8 - High
- June 10, 2024
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution.
Memory Corruption
An information disclosure issue was addressed by removing the vulnerable code
CVE-2022-32933
5.3 - Medium
- June 10, 2024
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode.
An out-of-bounds read was addressed with improved bounds checking
CVE-2022-48578
7.1 - High
- June 10, 2024
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5. Processing an AppleScript may result in unexpected termination or disclosure of process memory.
Out-of-bounds Read
An access issue was addressed with additional sandbox restrictions
CVE-2022-48683
7.8 - High
- June 10, 2024
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13. An app may be able to break out of its sandbox.
The issue was addressed with improved restriction of data container access
CVE-2023-40389
5.5 - Medium
- June 10, 2024
The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to access sensitive user data.
The issue was addressed with improved checks
CVE-2024-23299
8.6 - High
- June 10, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to break out of its sandbox.
This issue was addressed by adding an additional prompt for user consent
CVE-2024-27792
5.5 - Medium
- June 10, 2024
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.
The issue was addressed with improved memory handling
CVE-2024-27818
- May 14, 2024
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution.
The issue was addressed with improved checks
CVE-2024-27793
- May 14, 2024
The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a file may lead to an unexpected app termination or arbitrary code execution.
The issue was addressed with improved memory handling
CVE-2024-27804
- May 14, 2024
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
A logic issue was addressed with improved checks
CVE-2024-27816
- May 14, 2024
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker may be able to access user data.
The issue was addressed with improved memory handling
CVE-2024-27841
- May 14, 2024
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory.
A privacy issue was addressed by moving sensitive data to a more secure location
CVE-2024-27839
- May 14, 2024
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location.
A path handling issue was addressed with improved validation
CVE-2024-27810
- May 14, 2024
A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to read sensitive location information.
A privacy issue was addressed with improved client ID handling for alternative app marketplaces
CVE-2024-27852
- May 14, 2024
A privacy issue was addressed with improved client ID handling for alternative app marketplaces. This issue is fixed in iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages.
This issue was addressed through improved state management
CVE-2024-27835
- May 14, 2024
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen.
A permissions issue was addressed with improved validation
CVE-2024-27803
- May 14, 2024
A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen.
A path handling issue was addressed with improved validation
CVE-2024-27821
- May 14, 2024
A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut may output sensitive user data without consent.
This issue was addressed with improved checks
CVE-2024-27847
- May 14, 2024
This issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to bypass Privacy preferences.
The issue was addressed with improved checks
CVE-2024-27796
- May 14, 2024
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to elevate privileges.
The issue was addressed with improved checks
CVE-2024-27834
- May 14, 2024
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
A logic issue was addressed with improved checks
CVE-2024-27789
- May 14, 2024
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Ventura 13.6.7, macOS Sonoma 14.4. An app may be able to access user-sensitive data.
A downgrade issue was addressed with additional code-signing restrictions
CVE-2024-27837
- May 14, 2024
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. A local attacker may gain access to Keychain items.
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions
CVE-2024-27825
- May 14, 2024
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to bypass certain Privacy preferences.
The issue was addressed with improved memory handling
CVE-2024-27829
- May 14, 2024
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution.
This issue was addressed through improved state management
CVE-2024-27827
- May 14, 2024
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.5. An app may be able to read arbitrary files.
A logic issue was addressed with improved restrictions
CVE-2024-27822
- May 14, 2024
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to gain root privileges.
The issue was addressed with improved checks
CVE-2024-27813
- May 14, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
A logic issue was addressed with improved checks
CVE-2024-27843
- May 14, 2024
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to elevate privileges.
An authorization issue was addressed with improved state management
CVE-2024-27798
- May 14, 2024
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5. An attacker may be able to elevate privileges.
The issue was addressed with improved checks
CVE-2024-27842
- May 14, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
This issue was addressed by removing the vulnerable code
CVE-2024-27824
- May 14, 2024
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.5. An app may be able to elevate privileges.
A logic issue was addressed with improved checks
CVE-2024-27789
- May 14, 2024
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Ventura 13.6.7, macOS Sonoma 14.4. An app may be able to access user-sensitive data.
The issue was addressed with improved memory handling
CVE-2024-27804
- May 14, 2024
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
A logic issue was addressed with improved checks
CVE-2024-27816
- May 14, 2024
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker may be able to access user data.
A path handling issue was addressed with improved validation
CVE-2024-27810
- May 14, 2024
A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to read sensitive location information.
A path handling issue was addressed with improved validation
CVE-2024-27821
- May 14, 2024
A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut may output sensitive user data without consent.
A correctness issue was addressed with improved checks
CVE-2024-23236
- May 14, 2024
A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to read arbitrary files.
This issue was addressed with improved redaction of sensitive information
CVE-2024-23229
- May 14, 2024
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.5, macOS Ventura 13.6.5, macOS Sonoma 14.4. A malicious application may be able to access Find My data.
A use after free issue was addressed with improved memory management
CVE-2023-42950
8.8 - High
- March 28, 2024
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
This issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3
CVE-2023-42962
7.5 - High
- March 28, 2024
This issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. A remote attacker may be able to cause a denial-of-service.
The issue was addressed with improved memory handling
CVE-2023-42956
6.5 - Medium
- March 28, 2024
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service.
A path handling issue was addressed with improved validation
CVE-2023-42947
8.6 - High
- March 28, 2024
A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox.
This issue was addressed with improved redaction of sensitive information
CVE-2023-42936
5.5 - Medium
- March 28, 2024
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data.
The issue was addressed with improved checks
CVE-2023-42931
7.8 - High
- March 28, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication.
This issue was addressed with improved checks
CVE-2023-42930
5.5 - Medium
- March 28, 2024
This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. An app may be able to modify protected parts of the file system.
This issue was addressed through improved state management
CVE-2023-42913
8.8 - High
- March 28, 2024
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions.
An issue was addressed with improved handling of temporary files
CVE-2023-42896
5.5 - Medium
- March 28, 2024
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system.
A use-after-free issue was addressed with improved memory management
CVE-2023-42892
7.8 - High
- March 28, 2024
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A local attacker may be able to elevate their privileges.
A permissions issue was addressed by removing vulnerable code and adding additional checks
CVE-2023-42893
5.5 - Medium
- March 28, 2024
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data.