Apple Apple Software and Device Maker

Do you want an email whenever new security vulnerabilities are reported in any Apple product?

Products by Apple Sorted by Most Security Vulnerabilities since 2018

Apple macOS2354 vulnerabilities
Macintosh Operating System

Apple iOS1835 vulnerabilities
The iOS Operating System used by iPhones.

Apple iPadOS1203 vulnerabilities
Apple iPad Operating System

Apple tvOS1112 vulnerabilities
Apple TV Operating System

Apple watchOS1087 vulnerabilities
Apple Watch Operating System

Apple Safari476 vulnerabilities

Apple iPadOS354 vulnerabilities
Apple iPad Operating System

Apple iTunes229 vulnerabilities
Apple iTunes Software

Apple iCloud195 vulnerabilities

Apple visionOS48 vulnerabilities

Apple Xcode46 vulnerabilities

Apple Swift14 vulnerabilities

Apple Music7 vulnerabilities

Apple Garageband3 vulnerabilities

Apple Logic Pro X2 vulnerabilities

Apple Imovie1 vulnerability

Apple Airpods Firmware1 vulnerability

Recent Apple Security Advisories

Advisory Title Published
HT214121 Safari 17.6 Security Content July 29, 2024
HT214123 visionOS 1.3 Security Content July 29, 2024
HT214120 macOS Ventura 13.6.8 Security Content July 29, 2024
HT214116 iOS 16.7.9 and iPadOS 16.7.9 Security Content July 29, 2024
HT214117 iOS 17.6 and iPadOS 17.6 Security Content July 29, 2024
HT214119 macOS Sonoma 14.6 Security Content July 29, 2024
HT214118 macOS Monterey 12.7.6 Security Content July 29, 2024
HT214124 watchOS 10.6 Security Content July 29, 2024
HT214122 tvOS 17.6 Security Content July 29, 2024
HT214111 AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 Security Content June 25, 2024

Known Exploited Apple Vulnerabilities

The following Apple vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Apple iOS and iPadOS Memory Corruption Vulnerability Apple iOS and iPadOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. CVE-2024-23225 March 6, 2024
Apple iOS and iPadOS Memory Corruption Vulnerability Apple iOS and iPadOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. CVE-2024-23296 March 6, 2024
Apple Multiple Products Improper Authentication Vulnerability Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an improper authentication vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication. CVE-2022-48618 January 31, 2024
Apple Multiple Products Type Confusion Vulnerability Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. CVE-2024-23222 January 23, 2024
Apple Multiple Products Code Execution Vulnerability Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file. CVE-2023-41990 January 8, 2024
Apple Multiple Products WebKit Memory Corruption Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. CVE-2023-42917 December 4, 2023
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing web content. CVE-2023-42916 December 4, 2023
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. CVE-2023-42824 October 5, 2023
Apple Multiple Products Improper Certificate Validation Vulnerability Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. CVE-2023-41991 September 25, 2023
Apple Multiple Products WebKit Code Execution Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. CVE-2023-41993 September 25, 2023
Apple Multiple Products Kernel Privilege Escalation Vulnerability Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. CVE-2023-41992 September 25, 2023
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064. CVE-2023-41061 September 11, 2023
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061. CVE-2023-41064 September 11, 2023
Apple Multiple Products Kernel Unspecified Vulnerability Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify sensitive kernel state. CVE-2023-38606 July 26, 2023
Apple Multiple Products WebKit Code Execution Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. CVE-2023-37450 July 13, 2023
Apple iOS and iPadOS WebKit Memory Corruption Vulnerability Apple iOS and iPadOS WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. CVE-2023-32435 June 23, 2023
Apple Multiple Products Integer Overflow Vulnerability Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. CVE-2023-32434 June 23, 2023
Apple Multiple Products WebKit Type Confusion Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. CVE-2023-32439 June 23, 2023
Apple macOS Use-After-Free Vulnerability Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. CVE-2019-8526 April 17, 2023
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. CVE-2023-28206 April 10, 2023

By the Year

In 2024 there have been 400 vulnerabilities in Apple with an average score of 6.0 out of ten. Last year Apple had 505 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Apple in 2024 could surpass last years number. Last year, the average CVE base score was greater by 0.54

Year Vulnerabilities Average Score
2024 400 6.04
2023 505 6.58
2022 462 7.09
2021 603 6.99
2020 385 6.95
2019 548 7.41
2018 184 7.36

It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apple Security Vulnerabilities

A logic issue was addressed with improved validation

CVE-2024-44204 5.5 - Medium - October 04, 2024

A logic issue was addressed with improved validation. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. A user's saved passwords may be read aloud by VoiceOver.

This issue was addressed with improved checks

CVE-2024-44207 4.3 - Medium - October 04, 2024

This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated.

The issue was addressed with improved checks

CVE-2024-44189 7.5 - High - September 17, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. A logic issue existed where a process may be able to capture screen contents without user consent.

A permissions issue was addressed with additional restrictions

CVE-2024-40837 5.5 - Medium - September 17, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.

A permissions issue was addressed with additional restrictions

CVE-2024-40831 5.5 - Medium - September 17, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library.

Improper Preservation of Permissions

This issue was addressed with improved data protection

CVE-2024-40830 3.3 - Low - September 17, 2024

This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to enumerate a user's installed apps.

A privacy issue was addressed with improved handling of files

CVE-2024-40826 6.1 - Medium - September 17, 2024

A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview.

The issue was addressed with improved memory handling

CVE-2024-27861 7.5 - High - September 17, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory.

The issue was addressed with improved memory handling

CVE-2024-27860 5.5 - Medium - September 17, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory.

A permissions issue was addressed with additional restrictions

CVE-2024-27858 5.5 - Medium - September 17, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.

Improper Preservation of Permissions

The issue was addressed with improved memory handling

CVE-2024-23237 5.5 - Medium - September 17, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service.

A permissions issue was addressed with additional restrictions

CVE-2024-27795 7.5 - High - September 17, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet.

Improper Preservation of Permissions

The issue was addressed with improved handling of caches

CVE-2024-40790 5.5 - Medium - September 17, 2024

The issue was addressed with improved handling of caches. This issue is fixed in visionOS 2. An app may be able to read sensitive data from the GPU memory.

An integer overflow was addressed through improved input validation

CVE-2024-44198 5.5 - Medium - September 17, 2024

An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.

Integer Overflow or Wraparound

This issue was addressed through improved state management

CVE-2024-44191 5.5 - Medium - September 17, 2024

This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth.

A path handling issue was addressed with improved validation

CVE-2024-44190 5.5 - Medium - September 17, 2024

A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read arbitrary files.

Directory traversal

A permissions issue was addressed with additional restrictions

CVE-2024-44188 5.5 - Medium - September 17, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.

Improper Preservation of Permissions

A cross-origin issue existed with "iframe" elements

CVE-2024-44187 6.5 - Medium - September 17, 2024

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.

Origin Validation Error

An access issue was addressed with additional sandbox restrictions

CVE-2024-44186 5.5 - Medium - September 17, 2024

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.

A permissions issue was addressed with additional restrictions

CVE-2024-44184 5.5 - Medium - September 17, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.

A logic error was addressed with improved error handling

CVE-2024-44183 5.5 - Medium - September 17, 2024

A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause a denial-of-service.

This issue was addressed with improved redaction of sensitive information

CVE-2024-44182 5.5 - Medium - September 17, 2024

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive data logged when a shortcut fails to launch another app.

An issue was addressed with improved handling of temporary files

CVE-2024-44181 5.5 - Medium - September 17, 2024

An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read sensitive location information.

The issue was addressed with improved checks

CVE-2024-44180 2.4 - Low - September 17, 2024

The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.

This issue was addressed with improved validation of symlinks

CVE-2024-44178 5.5 - Medium - September 17, 2024

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.

insecure temporary file

A privacy issue was addressed by removing sensitive data

CVE-2024-44177 5.5 - Medium - September 17, 2024

A privacy issue was addressed by removing sensitive data. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.

An out-of-bounds access issue was addressed with improved bounds checking

CVE-2024-44176 5.5 - Medium - September 17, 2024

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service.

This issue was addressed through improved state management

CVE-2024-44171 4.6 - Medium - September 17, 2024

This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, watchOS 11. An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features.

This issue was addressed with improved redaction of sensitive information

CVE-2024-44158 5.5 - Medium - September 17, 2024

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A shortcut may output sensitive user data without consent.

A memory initialization issue was addressed with improved memory handling

CVE-2024-44154 5.5 - Medium - September 17, 2024

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted file may lead to unexpected app termination.

The issue was addressed with improved permissions logic

CVE-2024-44153 5.5 - Medium - September 17, 2024

The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.

A privacy issue was addressed with improved private data redaction for log entries

CVE-2024-44152 7.5 - High - September 17, 2024

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.

A permissions issue was addressed with additional restrictions

CVE-2024-44151 5.5 - Medium - September 17, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.

A permissions issue was addressed with additional restrictions

CVE-2024-44149 7.5 - High - September 17, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.

Improper Preservation of Permissions

This issue was addressed with improved validation of file attributes

CVE-2024-44148 10 - Critical - September 17, 2024

This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.

A logic issue was addressed with improved file handling

CVE-2024-44146 10 - Critical - September 17, 2024

A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.

The issue was addressed with improved checks

CVE-2024-44139 2.4 - Low - September 17, 2024

The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.

A permissions issue was addressed with additional restrictions

CVE-2024-44135 5.5 - Medium - September 17, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected files within an App Sandbox container.

This issue was addressed with improved redaction of sensitive information

CVE-2024-44134 5.5 - Medium - September 17, 2024

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information.

This issue was addressed with improved validation of symlinks

CVE-2024-44131 5.5 - Medium - September 17, 2024

This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data.

insecure temporary file

A privacy issue was addressed by moving sensitive data to a more secure location

CVE-2024-44170 5.5 - Medium - September 17, 2024

A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, macOS Sequoia 15. An app may be able to access user-sensitive data.

This issue was addressed by enabling hardened runtime

CVE-2024-44162 7.8 - High - September 17, 2024

This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's Keychain items.

A logic issue was addressed with improved state management

CVE-2024-27875 5.5 - Medium - September 17, 2024

A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15. Privacy Indicators for microphone or camera access may be attributed incorrectly.

This issue was addressed through improved state management

CVE-2024-40840 4.6 - Medium - September 17, 2024

This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to use Siri to access sensitive user data.

An out-of-bounds read was addressed with improved bounds checking

CVE-2024-44161 5.5 - Medium - September 17, 2024

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination.

Out-of-bounds Read

The issue was addressed with improved checks

CVE-2024-44163 5.5 - Medium - September 17, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to access private information.

This issue was addressed with improved checks

CVE-2024-44164 7.1 - High - September 17, 2024

This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to bypass Privacy preferences.

A logic issue was addressed with improved checks

CVE-2024-44165 7.5 - High - September 17, 2024

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Network traffic may leak outside a VPN tunnel.

A privacy issue was addressed with improved private data redaction for log entries

CVE-2024-44166 5.5 - Medium - September 17, 2024

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.

Insertion of Sensitive Information into Log File

A library injection issue was addressed with additional restrictions

CVE-2024-44168 5.5 - Medium - September 17, 2024

A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.

DLL preloading

An out-of-bounds read issue was addressed with improved input validation

CVE-2024-27880 5.5 - Medium - September 17, 2024

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing a maliciously crafted file may lead to unexpected app termination.

Out-of-bounds Read

A permissions issue was addressed with additional restrictions

CVE-2024-40770 7.5 - High - September 17, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings.

Improper Preservation of Permissions

A privacy issue was addressed with improved private data redaction for log entries

CVE-2024-40791 3.3 - Low - September 17, 2024

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access information about a user's contacts.

Insertion of Sensitive Information into Log File

This issue was addressed by removing the vulnerable code

CVE-2024-44133 5.5 - Medium - September 17, 2024

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences.

This issue was addressed through improved state management

CVE-2024-40797 6.1 - Medium - September 17, 2024

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Visiting a malicious website may lead to user interface spoofing.

A permissions issue was addressed with additional restrictions

CVE-2024-40801 5.5 - Medium - September 17, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected user data.

A privacy issue was addressed by moving sensitive data to a protected location

CVE-2024-40838 3.3 - Low - September 17, 2024

A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device.

An issue was addressed with improved validation of environment variables

CVE-2024-40842 5.5 - Medium - September 17, 2024

An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.

A privacy issue was addressed with improved handling of temporary files

CVE-2024-40844 5.5 - Medium - September 17, 2024

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to observe data displayed to the user by Shortcuts.

The issue was addressed with improved memory handling

CVE-2024-40845 5.5 - Medium - September 17, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination.

The issue was addressed with improved memory handling

CVE-2024-40846 5.5 - Medium - September 17, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination.

The issue was addressed with additional code-signing restrictions

CVE-2024-40847 5.5 - Medium - September 17, 2024

The issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive user data.

A downgrade issue was addressed with additional code-signing restrictions

CVE-2024-40848 7.5 - High - September 17, 2024

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An attacker may be able to read sensitive information.

A file access issue was addressed with improved input validation

CVE-2024-40850 5.5 - Medium - September 17, 2024

A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data.

An integrity issue was addressed with Beacon Protection

CVE-2024-40856 7.5 - High - September 17, 2024

An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, tvOS 18, macOS Sequoia 15. An attacker may be able to force a device to disconnect from a secure network.

This issue was addressed through improved state management

CVE-2024-40857 6.1 - Medium - September 17, 2024

This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting.

XSS

A permissions issue was addressed with additional restrictions

CVE-2024-40859 5.5 - Medium - September 17, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.

Improper Preservation of Permissions

A logic issue was addressed with improved checks

CVE-2024-40860 5.5 - Medium - September 17, 2024

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.

This issue was addressed with improved data protection

CVE-2024-40863 5.5 - Medium - September 17, 2024

This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to leak sensitive user information.

The issue was addressed with improved UI

CVE-2024-40866 6.5 - Medium - September 17, 2024

The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.

This issue was addressed through improved state management

CVE-2024-44124 6.5 - Medium - September 17, 2024

This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A malicious Bluetooth input device may bypass pairing.

The issue was addressed with improved checks

CVE-2024-44125 5.5 - Medium - September 17, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to leak sensitive user information.

This issue was addressed by adding an additional prompt for user consent

CVE-2024-44128 5.5 - Medium - September 17, 2024

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An Automator Quick Action workflow may be able to bypass Gatekeeper.

The issue was addressed with improved checks

CVE-2024-44129 5.5 - Medium - September 17, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15. An app may be able to leak sensitive user information.

This issue was addressed with improved data protection

CVE-2024-44130 4.4 - Medium - September 17, 2024

This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15. An app with root privileges may be able to access private information.

The issue was addressed with improved checks

CVE-2024-40843 5.5 - Medium - September 17, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system.

The issue was addressed by suspending Persona when the virtual keyboard is active

CVE-2024-40865 5.3 - Medium - September 06, 2024

The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS 1.3. Inputs to the virtual keyboard may be inferred from Persona.

A use-after-free issue was addressed with improved memory management

CVE-2024-40782 - July 29, 2024

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

A use-after-free issue was addressed with improved memory management

CVE-2024-40776 4.3 - Medium - July 29, 2024

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

Dangling pointer

This issue was addressed through improved state management

CVE-2024-40824 - July 29, 2024

This issue was addressed through improved state management. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences.

A permissions issue was addressed with additional restrictions

CVE-2024-40805 - July 29, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences.

A type confusion issue was addressed with improved memory handling

CVE-2024-40788 5.5 - Medium - July 29, 2024

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected system shutdown.

Object Type Confusion

An information disclosure issue was addressed with improved private data redaction for log entries

CVE-2024-27863 5.5 - Medium - July 29, 2024

An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to determine kernel memory layout.

An integer overflow was addressed with improved input validation

CVE-2024-40784 - July 29, 2024

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.

An out-of-bounds access issue was addressed with improved bounds checking

CVE-2024-40777 - July 29, 2024

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.

An out-of-bounds read issue was addressed with improved input validation

CVE-2024-40806 5.5 - Medium - July 29, 2024

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.

Out-of-bounds Read

This issue was addressed with improved data protection

CVE-2024-40795 3.3 - Low - July 29, 2024

This issue was addressed with improved data protection. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to read sensitive location information.

A race condition was addressed with additional validation

CVE-2024-40815 7.5 - High - July 29, 2024

A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

Race Condition

An out-of-bounds read issue was addressed with improved input validation

CVE-2024-40799 7.1 - High - July 29, 2024

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.

Out-of-bounds Read

A use-after-free issue was addressed with improved memory management

CVE-2024-40776 4.3 - Medium - July 29, 2024

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

Dangling pointer

This issue was addressed by adding an additional prompt for user consent

CVE-2024-40787 7.1 - High - July 29, 2024

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.

This issue was addressed by removing the vulnerable code

CVE-2024-40793 5.5 - Medium - July 29, 2024

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. An app may be able to access user-sensitive data.

This issue was addressed by restricting options offered on a locked device

CVE-2024-40818 4.6 - Medium - July 29, 2024

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. An attacker with physical access may be able to use Siri to access sensitive user data.

This issue was addressed by restricting options offered on a locked device

CVE-2024-40822 2.4 - Low - July 29, 2024

This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. An attacker with physical access to a device may be able to access contacts from the lock screen.

This issue was addressed with improved validation of symlinks

CVE-2024-27872 5.5 - Medium - July 29, 2024

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.6. An app may be able to access protected user data.

An out-of-bounds read was addressed with improved bounds checking

CVE-2024-40780 5.5 - Medium - July 29, 2024

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

Out-of-bounds Read

An out-of-bounds access issue was addressed with improved bounds checking

CVE-2024-40789 6.5 - Medium - July 29, 2024

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

This issue was addressed with improved checks

CVE-2024-40785 6.1 - Medium - July 29, 2024

This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.

XSS

A downgrade issue was addressed with additional code-signing restrictions

CVE-2024-40774 7.1 - High - July 29, 2024

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. An app may be able to bypass Privacy preferences.

An out-of-bounds read was addressed with improved bounds checking

CVE-2024-40779 5.5 - Medium - July 29, 2024

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.

Out-of-bounds Read

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.