Apple Apple Software and Device Maker

Do you want an email whenever new security vulnerabilities are reported in any Apple product?

Products by Apple Sorted by Most Security Vulnerabilities since 2018

Apple iOS1739 vulnerabilities
The iOS Operating System used by iPhones.

Apple Macos1416 vulnerabilities

Apple Mac OSX1172 vulnerabilities
Macintosh Operating System

Apple iPad OS1114 vulnerabilities
Apple iPad Operating System

Apple TV OS1036 vulnerabilities
Apple TV Operating System

Apple Watch OS1035 vulnerabilities
Apple Watch Operating System

Apple Safari458 vulnerabilities

Apple iPad OS353 vulnerabilities
Apple iPad Operating System

Apple iTunes229 vulnerabilities
Apple iTunes Software

Apple iCloud195 vulnerabilities

Apple Xcode43 vulnerabilities

Apple Mac Os X Server38 vulnerabilities

Apple Mac Os35 vulnerabilities

Apple Tv26 vulnerabilities

Apple Cups21 vulnerabilities

Apple Tv Os7 vulnerabilities

Apple Music7 vulnerabilities

Apple Iphone7 vulnerabilities

Apple Swiftnio Http25 vulnerabilities

Apple Garageband3 vulnerabilities

Apple Visionos3 vulnerabilities

Apple Swift3 vulnerabilities

Apple Logic Pro X2 vulnerabilities

Apple Shortcuts2 vulnerabilities

Apple Swiftnio2 vulnerabilities

Apple Files2 vulnerabilities

Apple Shazam1 vulnerability

Apple Remote Desktop1 vulnerability

Apple Macos13 01 vulnerability

Apple Swift Foundation1 vulnerability

Apple Swift Nio Extras1 vulnerability

Apple Webobjects1 vulnerability

Apple Swiftnio Ssl1 vulnerability

Apple Watch Os1 vulnerability

Apple Texture1 vulnerability

Apple Itunes U1 vulnerability

Apple Airpods Firmware1 vulnerability

Appleshare1 vulnerability

Apple Boot Camp1 vulnerability

Apple Imessage1 vulnerability

Apple Imovie1 vulnerability

Apple Iphone 3gs1 vulnerability

Apple Ipod Touch1 vulnerability

Apple Macos Server1 vulnerability

Apple A Ux1 vulnerability

Apple Mail1 vulnerability

Apple Maos1 vulnerability

Apple Nioextras1 vulnerability

Apple Os X Server1 vulnerability

Apple Pro Video Formats1 vulnerability

Apple Quicktime1 vulnerability

Recent Apple Security Advisories

Advisory Title Published
HT214094 Safari 17.4.1 Security Content March 25, 2024
HT214095 macOS Ventura 13.6.6 Security Content March 25, 2024
HT214096 macOS Sonoma 14.4.1 Security Content March 25, 2024
HT214093 visionOS 1.1.1 Security Content March 21, 2024
HT214097 iOS 17.4.1 and iPadOS 17.4.1 Security Content March 21, 2024
HT214098 iOS 16.7.7 and iPadOS 16.7.7 Security Content March 21, 2024
HT214090 GarageBand 10.4.11 Security Content March 12, 2024
HT214084 macOS Sonoma 14.4 Security Content March 7, 2024
HT214087 visionOS 1.1 Security Content March 7, 2024
HT214086 tvOS 17.4 Security Content March 7, 2024

Known Exploited Apple Vulnerabilities

The following Apple vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Apple iOS and iPadOS Memory Corruption Vulnerability Apple iOS and iPadOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. CVE-2024-23225 March 6, 2024
Apple iOS and iPadOS Memory Corruption Vulnerability Apple iOS and iPadOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. CVE-2024-23296 March 6, 2024
Apple Multiple Products Improper Authentication Vulnerability Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an improper authentication vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication. CVE-2022-48618 January 31, 2024
Apple Multiple Products Type Confusion Vulnerability Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. CVE-2024-23222 January 23, 2024
Apple Multiple Products Code Execution Vulnerability Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file. CVE-2023-41990 January 8, 2024
Apple Multiple Products WebKit Memory Corruption Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. CVE-2023-42917 December 4, 2023
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing web content. CVE-2023-42916 December 4, 2023
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. CVE-2023-42824 October 5, 2023
Apple Multiple Products Improper Certificate Validation Vulnerability Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. CVE-2023-41991 September 25, 2023
Apple Multiple Products WebKit Code Execution Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. CVE-2023-41993 September 25, 2023
Apple Multiple Products Kernel Privilege Escalation Vulnerability Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. CVE-2023-41992 September 25, 2023
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064. CVE-2023-41061 September 11, 2023
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061. CVE-2023-41064 September 11, 2023
Apple Multiple Products Kernel Unspecified Vulnerability Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify sensitive kernel state. CVE-2023-38606 July 26, 2023
Apple Multiple Products WebKit Code Execution Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. CVE-2023-37450 July 13, 2023
Apple iOS and iPadOS WebKit Memory Corruption Vulnerability Apple iOS and iPadOS WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. CVE-2023-32435 June 23, 2023
Apple Multiple Products Integer Overflow Vulnerability Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. CVE-2023-32434 June 23, 2023
Apple Multiple Products WebKit Type Confusion Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. CVE-2023-32439 June 23, 2023
Apple macOS Use-After-Free Vulnerability Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. CVE-2019-8526 April 17, 2023
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. CVE-2023-28206 April 10, 2023

By the Year

In 2024 there have been 172 vulnerabilities in Apple with an average score of 6.3 out of ten. Last year Apple had 504 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Apple in 2024 could surpass last years number. Last year, the average CVE base score was greater by 0.27

Year Vulnerabilities Average Score
2024 172 6.31
2023 504 6.58
2022 462 7.09
2021 603 6.99
2020 384 6.95
2019 548 7.41
2018 184 7.36

It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apple Security Vulnerabilities

A privacy issue was addressed by moving sensitive data to a protected location

CVE-2023-40390 5.5 - Medium - March 28, 2024

A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data.

A use-after-free issue was addressed with improved memory management

CVE-2023-42892 7.8 - High - March 28, 2024

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A local attacker may be able to elevate their privileges.

A permissions issue was addressed by removing vulnerable code and adding additional checks

CVE-2023-42893 5.5 - Medium - March 28, 2024

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data.

An issue was addressed with improved handling of temporary files

CVE-2023-42896 5.5 - Medium - March 28, 2024

An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system.

This issue was addressed through improved state management

CVE-2023-42913 8.8 - High - March 28, 2024

This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions.

This issue was addressed with improved checks

CVE-2023-42930 5.5 - Medium - March 28, 2024

This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. An app may be able to modify protected parts of the file system.

The issue was addressed with improved checks

CVE-2023-42931 7.8 - High - March 28, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication.

This issue was addressed with improved redaction of sensitive information

CVE-2023-42936 5.5 - Medium - March 28, 2024

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data.

A path handling issue was addressed with improved validation

CVE-2023-42947 8.6 - High - March 28, 2024

A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox.

A use after free issue was addressed with improved memory management

CVE-2023-42950 8.8 - High - March 28, 2024

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.

The issue was addressed with improved memory handling

CVE-2023-42956 6.5 - Medium - March 28, 2024

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service.

This issue was addressed with improved checks This issue is fixed in iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3

CVE-2023-42962 7.5 - High - March 28, 2024

This issue was addressed with improved checks This issue is fixed in iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. A remote attacker may be able to cause a denial-of-service.

A logic issue was addressed with improved state management.

CVE-2024-23298 - March 15, 2024

A logic issue was addressed with improved state management.

A logic issue was addressed with improved checks

CVE-2023-42938 - March 14, 2024

A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges.

A use-after-free issue was addressed with improved memory management

CVE-2024-23300 - March 12, 2024

A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions

CVE-2024-23269 - March 08, 2024

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.

This issue was addressed through improved state management

CVE-2024-23241 - March 08, 2024

This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to leak sensitive user information.

This issue was addressed with improved redaction of sensitive information

CVE-2024-23227 - March 08, 2024

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to read sensitive location information.

A logic issue was addressed with improved checks

CVE-2024-23276 7.8 - High - March 08, 2024

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.

A logic issue was addressed with improved checks

CVE-2024-23272 5.5 - Medium - March 08, 2024

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. A user may gain access to protected parts of the file system.

This issue was addressed by adding an additional prompt for user consent

CVE-2024-23245 - March 08, 2024

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Third-party shortcuts may use a legacy action from Automator to send events to apps without user consent.

This issue was addressed with improved file handling

CVE-2024-23230 - March 08, 2024

This issue was addressed with improved file handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access sensitive user data.

A path handling issue was addressed with improved validation

CVE-2024-23216 - March 08, 2024

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to overwrite arbitrary files.

The issue was addressed with improved checks

CVE-2024-23267 5.5 - Medium - March 08, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to bypass certain Privacy preferences.

A race condition was addressed with additional validation

CVE-2024-23275 4.7 - Medium - March 08, 2024

A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access protected user data.

Race Condition

An injection issue was addressed with improved input validation

CVE-2024-23268 7.8 - High - March 08, 2024

An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.

Injection

An injection issue was addressed with improved input validation

CVE-2024-23274 7.8 - High - March 08, 2024

An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.

Injection

A privacy issue was addressed with improved private data redaction for log entries

CVE-2024-23283 - March 08, 2024

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to access user-sensitive data.

A validation issue was addressed with improved input sanitization

CVE-2024-23264 - March 08, 2024

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An application may be able to read restricted memory.

This issue was addressed with improved redaction of sensitive information

CVE-2023-28826 - March 08, 2024

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data.

A permissions issue was addressed with additional restrictions

CVE-2024-23201 - March 08, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.4, watchOS 10.3, tvOS 17.3, macOS Ventura 13.6.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. An app may be able to cause a denial-of-service.

A memory corruption vulnerability was addressed with improved locking

CVE-2024-23265 - March 08, 2024

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory.

The issue was addressed with improved checks

CVE-2024-23266 5.5 - Medium - March 08, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.

An out-of-bounds write issue was addressed with improved input validation

CVE-2024-23234 - March 08, 2024

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved memory handling

CVE-2024-23257 - March 08, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory.

A buffer overflow issue was addressed with improved memory handling

CVE-2024-23286 - March 08, 2024

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution.

The issue was addressed with improved memory handling

CVE-2024-23270 7.8 - High - March 08, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.

A logic issue was addressed with improved restrictions

CVE-2024-23244 - March 08, 2024

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4. An app from a standard user account may be able to escalate privilege after admin user login.

The issue was addressed with improved memory handling

CVE-2024-23247 - March 08, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Processing a file may lead to unexpected app termination or arbitrary code execution.

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions

CVE-2024-23269 - March 08, 2024

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.

This issue was addressed with improved redaction of sensitive information

CVE-2024-23227 - March 08, 2024

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to read sensitive location information.

A logic issue was addressed with improved checks

CVE-2024-23276 7.8 - High - March 08, 2024

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.

A logic issue was addressed with improved state management

CVE-2024-23284 - March 08, 2024

A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

An injection issue was addressed with improved validation

CVE-2024-23280 - March 08, 2024

An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.

A logic issue was addressed with improved validation

CVE-2024-23263 - March 08, 2024

A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

The issue was addressed with improved UI handling

CVE-2024-23254 - March 08, 2024

The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2024-23252 - March 08, 2024

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

The issue was addressed with improved memory handling

CVE-2024-23226 - March 08, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution.

This issue was addressed by removing the vulnerable code

CVE-2024-23246 - March 08, 2024

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.

This issue was addressed by removing additional entitlements

CVE-2024-23260 - March 08, 2024

This issue was addressed by removing additional entitlements. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.

This issue was addressed with improved state management

CVE-2024-23281 - March 08, 2024

This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4. An app may be able to access sensitive user data.

A privacy issue was addressed by not logging contents of text fields

CVE-2024-23242 - March 08, 2024

A privacy issue was addressed by not logging contents of text fields. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to view Mail data.

A logic issue was addressed with improved checks

CVE-2024-23272 5.5 - Medium - March 08, 2024

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. A user may gain access to protected parts of the file system.

This issue was addressed through improved state management

CVE-2024-23293 - March 08, 2024

This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.

A lock screen issue was addressed with improved state management

CVE-2024-23289 - March 08, 2024

A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information.

This issue was addressed with improved data protection

CVE-2024-23292 - March 08, 2024

This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access information about a user's contacts.

This issue was addressed by adding an additional prompt for user consent

CVE-2024-23245 - March 08, 2024

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Third-party shortcuts may use a legacy action from Automator to send events to apps without user consent.

This issue was addressed with improved file handling

CVE-2024-23230 - March 08, 2024

This issue was addressed with improved file handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access sensitive user data.

A privacy issue was addressed with improved private data redaction for log entries

CVE-2024-23231 - March 08, 2024

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to access user-sensitive data.

A privacy issue was addressed with improved handling of temporary files

CVE-2024-23232 - March 08, 2024

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4. An app may be able to capture a user's screen.

A logic issue was addressed with improved restrictions

CVE-2024-23290 - March 08, 2024

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data.

An out-of-bounds read was addressed with improved input validation

CVE-2024-23258 - March 08, 2024

An out-of-bounds read was addressed with improved input validation. This issue is fixed in visionOS 1.1, macOS Sonoma 14.4. Processing an image may lead to arbitrary code execution.

This issue was addressed through improved state management

CVE-2024-23273 4.3 - Medium - March 08, 2024

This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2024-23252 - March 08, 2024

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

The issue was addressed with improved UI handling

CVE-2024-23254 - March 08, 2024

The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.

A logic issue was addressed with improved validation

CVE-2024-23263 - March 08, 2024

A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

An injection issue was addressed with improved validation

CVE-2024-23280 - March 08, 2024

An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.

A logic issue was addressed with improved state management

CVE-2024-23284 - March 08, 2024

A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

A privacy issue was addressed with improved private data redaction for log entries

CVE-2024-23291 - March 08, 2024

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications.

A logic issue was addressed with improved checks

CVE-2024-23276 7.8 - High - March 08, 2024

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.

This issue was addressed with improved redaction of sensitive information

CVE-2024-23227 - March 08, 2024

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to read sensitive location information.

This issue was addressed with improved checks

CVE-2024-23233 - March 08, 2024

This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions

CVE-2024-23269 - March 08, 2024

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.

This issue was addressed by removing the vulnerable code

CVE-2024-23288 - March 08, 2024

This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to elevate privileges.

The issue was addressed with improved checks

CVE-2024-23277 5.9 - Medium - March 08, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.

The issue was addressed with improved memory handling

CVE-2024-23247 - March 08, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Processing a file may lead to unexpected app termination or arbitrary code execution.

The issue was addressed with improved memory handling

CVE-2024-23248 - March 08, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents.

The issue was addressed with improved memory handling

CVE-2024-23249 - March 08, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents.

An access issue was addressed with improved access restrictions

CVE-2024-23250 - March 08, 2024

An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access Bluetooth-connected microphones without user permission.

A logic issue was addressed with improved restrictions

CVE-2024-23244 - March 08, 2024

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4. An app from a standard user account may be able to escalate privilege after admin user login.

A privacy issue was addressed with improved private data redaction for log entries

CVE-2024-23205 - March 08, 2024

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access sensitive user data.

A permissions issue was addressed with additional restrictions

CVE-2024-23253 - March 08, 2024

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to access a user's Photos Library.

The issue was addressed with improved memory handling

CVE-2024-23270 7.8 - High - March 08, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved memory handling

CVE-2024-23257 - March 08, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory.

This issue was addressed with improved handling of symlinks

CVE-2024-23285 - March 08, 2024

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.4. An app may be able to create symlinks to protected regions of the disk.

An access issue was addressed with improved access restrictions

CVE-2024-23238 - March 08, 2024

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM variables.

This issue was addressed through improved state management

CVE-2024-23273 4.3 - Medium - March 08, 2024

This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.

The issue was addressed with improved checks

CVE-2024-23259 - March 08, 2024

The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.

This issue was addressed by removing the vulnerable code

CVE-2024-23294 - March 08, 2024

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. Processing malicious input may lead to code execution.

An authentication issue was addressed with improved state management

CVE-2024-23255 - March 08, 2024

An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. Photos in the Hidden Photos Album may be viewed without authentication.

A race condition was addressed with additional validation

CVE-2024-23275 4.7 - Medium - March 08, 2024

A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access protected user data.

Race Condition

An injection issue was addressed with improved input validation

CVE-2024-23274 7.8 - High - March 08, 2024

An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.

Injection

An injection issue was addressed with improved input validation

CVE-2024-23268 7.8 - High - March 08, 2024

An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.

Injection

The issue was addressed with improved checks

CVE-2024-23267 5.5 - Medium - March 08, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to bypass certain Privacy preferences.

A path handling issue was addressed with improved validation

CVE-2024-23216 - March 08, 2024

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to overwrite arbitrary files.

A privacy issue was addressed with improved private data redaction for log entries

CVE-2024-23283 - March 08, 2024

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to access user-sensitive data.

The issue was addressed with improved checks

CVE-2024-23266 5.5 - Medium - March 08, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.

A memory corruption vulnerability was addressed with improved locking

CVE-2024-23265 - March 08, 2024

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory.

A race condition was addressed with additional validation

CVE-2024-23235 - March 08, 2024

A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.

The issue was addressed with improved checks

CVE-2024-23278 - March 08, 2024

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.