Apple Apple Software and Device Maker

  1. Vendors
  2. Apple

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Apple product.

Products by Apple Sorted by Most Security Vulnerabilities since 2018

Apple macOS2701 vulnerabilities
Macintosh Operating System

Apple iOS2039 vulnerabilities
The iOS Operating System used by iPhones.

Apple iPadOS1405 vulnerabilities
Apple iPad Operating System

Apple tvOS1221 vulnerabilities
Apple TV Operating System

Apple watchOS1203 vulnerabilities
Apple Watch Operating System

Apple Safari513 vulnerabilities

Apple iPadOS437 vulnerabilities
Apple iPad Operating System

Apple iTunes234 vulnerabilities
Apple iTunes Software

Apple iCloud195 vulnerabilities

Apple visionOS144 vulnerabilities

Apple Xcode50 vulnerabilities

Apple Swift14 vulnerabilities

Apple Music8 vulnerabilities

Apple Garageband6 vulnerabilities

Apple Logic Pro X2 vulnerabilities

Apple Iphone Os1 vulnerability

Apple Imovie1 vulnerability

Apple Airpods Firmware1 vulnerability

Recent Apple Security Advisories

Advisory Title Published
122173 iPadOS 17.7.5 - Apple Security Content February 10, 2025
122174 iOS 18.3.1 and iPadOS 18.3.1 - Apple Security Content February 10, 2025
121866 GarageBand 10.4.12 - Apple Security Content January 30, 2025
122074 Safari 18.3 - Apple Security Content January 27, 2025
122067 iPadOS 17.7.4 - Apple Security Content January 27, 2025
122069 macOS Sonoma 14.7.3 - Apple Security Content January 27, 2025
122068 macOS Sequoia 15.3 - Apple Security Content January 27, 2025
122073 visionOS 2.3 - Apple Security Content January 27, 2025
122066 iOS 18.3 and iPadOS 18.3 - Apple Security Content January 27, 2025
122071 watchOS 11.3 - Apple Security Content January 27, 2025

Known Exploited Apple Vulnerabilities

The following Apple vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Apple iOS and iPadOS Incorrect Authorization Vulnerability Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.
CVE-2025-24200 Exploit Probability: 4.5% 		February 12, 2025
Apple Multiple Products Use-After-Free Vulnerability Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.
CVE-2025-24085 Exploit Probability: 0.2% 		January 29, 2025
Apple Multiple Products Code Execution Vulnerability Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.
CVE-2024-44308 Exploit Probability: 0.2% 		November 21, 2024
Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack.
CVE-2024-44309 Exploit Probability: 0.3% 		November 21, 2024
Apple iOS and iPadOS Memory Corruption Vulnerability Apple iOS and iPadOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
CVE-2024-23225 Exploit Probability: 0.2% 		March 6, 2024
Apple iOS and iPadOS Memory Corruption Vulnerability Apple iOS and iPadOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
CVE-2024-23296 Exploit Probability: 0.2% 		March 6, 2024
Apple Multiple Products Improper Authentication Vulnerability Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an improper authentication vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.
CVE-2022-48618 Exploit Probability: 0.3% 		January 31, 2024
Apple Multiple Products Type Confusion Vulnerability Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content.
CVE-2024-23222 Exploit Probability: 0.3% 		January 23, 2024
Apple Multiple Products Code Execution Vulnerability Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.
CVE-2023-41990 Exploit Probability: 0.1% 		January 8, 2024
Apple Multiple Products WebKit Memory Corruption Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing web content.
CVE-2023-42917 Exploit Probability: 0.3% 		December 4, 2023
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing web content.
CVE-2023-42916 Exploit Probability: 0.3% 		December 4, 2023
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation.
CVE-2023-42824 Exploit Probability: 0.1% 		October 5, 2023
Apple Multiple Products Improper Certificate Validation Vulnerability Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.
CVE-2023-41991 Exploit Probability: 1.9% 		September 25, 2023
Apple Multiple Products WebKit Code Execution Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content.
CVE-2023-41993 Exploit Probability: 0.5% 		September 25, 2023
Apple Multiple Products Kernel Privilege Escalation Vulnerability Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.
CVE-2023-41992 Exploit Probability: 0.1% 		September 25, 2023
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061.
CVE-2023-41064 Exploit Probability: 0.5% 		September 11, 2023
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064.
CVE-2023-41061 Exploit Probability: 0.1% 		September 11, 2023
Apple Multiple Products Kernel Unspecified Vulnerability Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify sensitive kernel state.
CVE-2023-38606 Exploit Probability: 0.4% 		July 26, 2023
Apple Multiple Products WebKit Code Execution Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content.
CVE-2023-37450 Exploit Probability: 0.2% 		July 13, 2023
Apple Multiple Products Integer Overflow Vulnerability Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges.
CVE-2023-32434 Exploit Probability: 0.1% 		June 23, 2023

Top 10 Riskiest Apple Vulnerabilities

Based on the current exploit probability, these Apple vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2016-4657 68.1% Apple iOS Webkit Memory Corruption Vulnerability
2 CVE-2021-30657 57.0% Apple macOS Policy Subsystem Gatekeeper Bypass
3 CVE-2019-8506 19.6% Apple Multiple Products Type Confusion Vulnerability
4 CVE-2016-4655 15.9% Apple iOS Information Disclosure Vulnerability
5 CVE-2014-4404 9.2% Apple OS X Heap-Based Buffer Overflow Vulnerability
6 CVE-2016-4656 7.1% Apple iOS Memory Corruption Vulnerability
7 CVE-2025-24200 4.5% Apple iOS and iPadOS Incorrect Authorization Vulnerability
8 CVE-2021-1789 4.0% Apple Multiple Products Type Confusion Vulnerability
9 CVE-2020-9818 3.9% Apple iOS Mail OOB Vulnerability
10 CVE-2022-32893 3.1% Apple iOS and macOS Out-of-Bounds Write Vulnerability

By the Year

In 2025 there have been 80 vulnerabilities in Apple with an average score of 6.0 out of ten. Last year, in 2024 Apple had 614 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Apple in 2025 could surpass last years number. Last year, the average CVE base score was greater by 0.07




Year Vulnerabilities Average Score
2025 80 5.96
2024 614 6.04
2023 506 6.58
2022 462 7.09
2021 603 6.99
2020 385 6.95
2019 548 7.41
2018 184 7.36

It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apple Security Vulnerabilities

An authorization issue was addressed with improved state management

CVE-2025-24200 6.1 - Medium - February 10, 2025

An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

AuthZ

The issue was addressed with improved bounds checks

CVE-2024-44142 - January 30, 2025

The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.

This issue was addressed with improved handling of symlinks

CVE-2025-24104 5.5 - Medium - January 27, 2025

This issue was addressed with improved handling of symlinks. This issue is fixed in iPadOS 17.7.4, iOS 18.3 and iPadOS 18.3. Restoring a maliciously crafted backup file may lead to modification of protected system files.

insecure temporary file

An input validation issue was addressed

CVE-2025-24126 - January 27, 2025

An input validation issue was addressed. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker on the local network may be able to cause unexpected system termination or corrupt process memory.

A type confusion issue was addressed with improved checks

CVE-2025-24129 7.5 - High - January 27, 2025

A type confusion issue was addressed with improved checks. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected app termination.

Object Type Confusion

The issue was addressed with improved memory handling

CVE-2025-24131 6.5 - Medium - January 27, 2025

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker in a privileged position may be able to perform a denial-of-service.

A type confusion issue was addressed with improved checks

CVE-2025-24137 - January 27, 2025

A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected application termination or arbitrary code execution.

The issue was addressed with improved checks

CVE-2025-24127 5.5 - Medium - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

The issue was addressed with improved checks

CVE-2025-24160 - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

The issue was addressed with improved checks

CVE-2025-24161 5.5 - Medium - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

The issue was addressed with improved checks

CVE-2025-24163 - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

The issue was addressed with improved checks

CVE-2025-24123 - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

The issue was addressed with improved checks

CVE-2025-24124 - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

A use after free issue was addressed with improved memory management

CVE-2025-24085 7.8 - High - January 27, 2025

A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

Dangling pointer

The issue was addressed with improved memory handling

CVE-2025-24086 5.5 - Medium - January 27, 2025

The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing an image may lead to a denial-of-service.

A validation issue was addressed with improved logic

CVE-2025-24159 - January 27, 2025

A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to execute arbitrary code with kernel privileges.

This issue was addressed with improved redaction of sensitive information

CVE-2025-24117 5.5 - Medium - January 27, 2025

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iPadOS 17.7.4, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3. An app may be able to fingerprint the user.

Insecure Storage of Sensitive Information

The issue was addressed with improved UI

CVE-2025-24113 4.3 - Medium - January 27, 2025

The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoofing.

An out-of-bounds read was addressed with improved bounds checking

CVE-2025-24149 - January 27, 2025

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to disclosure of user information.

An out-of-bounds write was addressed with improved input validation

CVE-2025-24154 - January 27, 2025

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

The issue was addressed with improved access restrictions to the file system

CVE-2025-24143 6.5 - Medium - January 27, 2025

The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.

The issue was addressed with improved memory handling

CVE-2025-24158 - January 27, 2025

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.

This issue was addressed through improved state management

CVE-2025-24162 - January 27, 2025

This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.

An authentication issue was addressed with improved state management

CVE-2025-24141 3.3 - Low - January 27, 2025

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3. An attacker with physical access to an unlocked device may be able to access Photos while the app is locked.

A null pointer dereference was addressed with improved input validation

CVE-2025-24177 7.5 - High - January 27, 2025

A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. A remote attacker may be able to cause a denial-of-service.

NULL Pointer Dereference

A permissions issue was addressed with additional restrictions

CVE-2025-24107 7.8 - High - January 27, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3, iOS 18.3 and iPadOS 18.3. A malicious app may be able to gain root privileges.

The issue was addressed by adding additional logic

CVE-2025-24128 4.3 - Medium - January 27, 2025

The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Visiting a malicious website may lead to address bar spoofing.

A privacy issue was addressed with improved private data redaction for log entries

CVE-2025-24145 3.3 - Low - January 27, 2025

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. An app may be able to view a contact's phone number in system logs.

Insertion of Sensitive Information into Log File

A privacy issue was addressed with improved handling of files

CVE-2025-24150 8.8 - High - January 27, 2025

A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection.

Command Injection

The issue was addressed with improved checks

CVE-2025-24102 - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to determine a users current location.

An out-of-bounds access issue was addressed with improved bounds checking

CVE-2024-54478 - January 27, 2025

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to an unexpected process crash.

The issue was addressed with improved memory handling

CVE-2025-24118 - January 27, 2025

The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.

The issue was addressed with improved checks

CVE-2024-54497 6.5 - Medium - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing web content may lead to a denial-of-service.

The issue was addressed with additional permissions checks

CVE-2025-24087 5.5 - Medium - January 27, 2025

The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.3. An app may be able to access protected user data.

Improper Preservation of Permissions

The issue was addressed with improved checks

CVE-2025-24112 5.5 - Medium - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3. Parsing a file may lead to an unexpected app termination.

A logic issue was addressed with improved restrictions

CVE-2025-24100 3.3 - Low - January 27, 2025

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access information about a user's contacts.

A downgrade issue was addressed with additional code-signing restrictions

CVE-2025-24109 - January 27, 2025

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access sensitive user data.

A permissions issue was addressed with additional restrictions

CVE-2025-24114 5.5 - Medium - January 27, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.

A logic issue was addressed with improved checks

CVE-2025-24121 - January 27, 2025

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions

CVE-2025-24122 - January 27, 2025

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.

An information disclosure issue was addressed with improved privacy controls

CVE-2025-24134 - January 27, 2025

An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data.

A logic issue was addressed with improved file handling

CVE-2024-54488 5.3 - Medium - January 27, 2025

A logic issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Photos in the Hidden Photos Album may be viewed without authentication.

The issue was addressed by removing the relevant flags

CVE-2024-54512 9.1 - Critical - January 27, 2025

The issue was addressed by removing the relevant flags. This issue is fixed in watchOS 11.2, iOS 18.2 and iPadOS 18.2. A system binary could be used to fingerprint a user's Apple Account.

A permissions issue was addressed with additional restrictions

CVE-2024-54516 3.3 - Low - January 27, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to approve a launch daemon without user consent.

The issue was addressed with improved bounds checks

CVE-2024-54517 7.8 - High - January 27, 2025

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.

Memory Corruption

The issue was addressed with improved bounds checks

CVE-2024-54522 7.8 - High - January 27, 2025

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.

Memory Corruption

The issue was addressed with improved validation of environment variables

CVE-2024-54536 5.5 - Medium - January 27, 2025

The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.2. An app may be able to edit NVRAM variables.

This issue was addressed through improved state management

CVE-2024-54541 5.5 - Medium - January 27, 2025

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data.

The issue was addressed with improved memory handling

CVE-2024-54543 8.8 - High - January 27, 2025

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption.

Memory Corruption

This issue was addressed with improved redaction of sensitive information

CVE-2024-54549 5.5 - Medium - January 27, 2025

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

A logic issue was addressed with improved restrictions

CVE-2024-54557 7.5 - High - January 27, 2025

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system.

A permissions issue was addressed with additional restrictions

CVE-2025-24093 - January 27, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3. An app may be able to access removable volumes without user consent.

A privacy issue was addressed with improved private data redaction for log entries

CVE-2024-44172 3.3 - Low - January 27, 2025

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3, macOS Sequoia 15. An app may be able to access contacts.

An out-of-bounds write issue was addressed with improved input validation

CVE-2024-54509 7.8 - High - January 27, 2025

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.

Memory Corruption

An integer overflow was addressed through improved input validation

CVE-2025-24156 7.8 - High - January 27, 2025

An integer overflow was addressed through improved input validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to elevate privileges.

Integer Overflow or Wraparound

This issue was addressed by improved management of object lifetimes

CVE-2025-24120 7.5 - High - January 27, 2025

This issue was addressed by improved management of object lifetimes. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An attacker may be able to cause unexpected app termination.

This issue was addressed with improved data protection

CVE-2025-24092 - January 27, 2025

This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to read sensitive location information.

This issue was addressed with improved message validation

CVE-2025-24135 - January 27, 2025

This issue was addressed with improved message validation. This issue is fixed in macOS Sequoia 15.3. An app may be able to gain elevated privileges.

A permissions issue was addressed with improved validation

CVE-2025-24176 - January 27, 2025

A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A local attacker may be able to elevate their privileges.

This issue was addressed through improved state management

CVE-2025-24138 - January 27, 2025

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious application may be able to leak sensitive user information.

The issue was addressed with improved memory handling

CVE-2025-24152 5.5 - Medium - January 27, 2025

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3. An app may be able to cause unexpected system termination or corrupt kernel memory.

The issue was addressed with improved memory handling

CVE-2025-24151 - January 27, 2025

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or corrupt kernel memory.

The issue was addressed with improved checks

CVE-2025-24139 - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. Parsing a maliciously crafted file may lead to an unexpected app termination.

A buffer overflow issue was addressed with improved memory handling

CVE-2025-24153 6.7 - Medium - January 27, 2025

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Classic Buffer Overflow

An access issue was addressed with additional sandbox restrictions

CVE-2025-24108 - January 27, 2025

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.3. An app may be able to access protected user data.

This issue was addressed with improved validation of symlinks

CVE-2025-24103 - January 27, 2025

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access protected user data.

This issue was addressed with improved redaction of sensitive information

CVE-2025-24146 - January 27, 2025

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. Deleting a conversation in Messages may expose user contact information in system logging.

A logging issue was addressed with improved data redaction

CVE-2025-24169 7.5 - High - January 27, 2025

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.3, Safari 18.3. A malicious app may be able to bypass browser extension authentication.

The issue was addressed with improved checks

CVE-2025-24130 - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.

This issue was addressed through improved state management

CVE-2025-24096 5.5 - Medium - January 27, 2025

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. A malicious app may be able to access arbitrary files.

This issue was addressed with improved redaction of sensitive information

CVE-2025-24101 - January 27, 2025

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data.

This issue was addressed with improved validation of symlinks

CVE-2025-24136 4.4 - Medium - January 27, 2025

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious app may be able to create symlinks to protected regions of the disk.

insecure temporary file

An access issue was addressed with additional sandbox restrictions

CVE-2025-24116 4.4 - Medium - January 27, 2025

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to bypass Privacy preferences.

A path handling issue was addressed with improved validation

CVE-2025-24115 - January 27, 2025

A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to read files outside of its sandbox.

A race condition was addressed with additional validation

CVE-2025-24094 4.7 - Medium - January 27, 2025

A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access user-sensitive data.

Race Condition

The issue was addressed with improved checks

CVE-2025-24174 - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to bypass Privacy preferences.

This issue was addressed through improved state management

CVE-2025-24140 5.3 - Medium - January 27, 2025

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. Files downloaded from the internet may not have the quarantine flag applied.

The issue was addressed with improved checks

CVE-2025-24106 - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. Parsing a file may lead to an unexpected app termination.

A path handling issue was addressed with improved logic

CVE-2024-54535 4.3 - Medium - January 15, 2025

A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders.

Directory traversal

The issue was addressed with improved input sanitization

CVE-2024-54540 - January 15, 2025

The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app.

macOS Sequoia Symlink Validation Bypass Vulnerability

CVE-2024-44211 5.5 - Medium - December 20, 2024

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.

insecure temporary file

macOS Sequoia Arbitrary File Read Vulnerability in App Validation

CVE-2024-44195 7.5 - High - December 20, 2024

A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to read arbitrary files.

macOS Sequoia Log Entries Sensitive Data Exposure

CVE-2024-44293 5.5 - Medium - December 20, 2024

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. A user may be able to view sensitive user information.

macOS Sequoia: Sensitive User Data Exposure via Log Entries

CVE-2024-44292 5.5 - Medium - December 20, 2024

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.

Insecure Storage of Sensitive Information

macOS Login Window Protected Content Exposure Vulnerability

CVE-2024-44223 4.6 - Medium - December 20, 2024

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login Window.

macOS Sequoia Login Window Bypass Vulnerability

CVE-2024-44231 4.6 - Medium - December 20, 2024

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. A person with physical access to a Mac may be able to bypass Login Window during a software update.

macOS Sequoia: Contact Information Leak via Log Entries

CVE-2024-44298 3.3 - Low - December 20, 2024

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access information about a user's contacts.

Insecure Storage of Sensitive Information

GarageBand Entitlement Validation Bypass Root Privilege Escalation Vulnerability

CVE-2023-42867 7.8 - High - December 20, 2024

This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges.

Apple Multiple Products Denial-of-Service Vulnerability in Input Validation

CVE-2024-54538 7.5 - High - December 20, 2024

A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1, macOS Ventura 13.7.1. A remote attacker may be able to cause a denial-of-service.

This issue was addressed by enabling hardened runtime

CVE-2024-54490 5.5 - Medium - December 12, 2024

This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2. A local attacker may gain access to user's Keychain items.

A logic issue was addressed with improved checks

CVE-2024-54529 7.8 - High - December 12, 2024

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute arbitrary code with kernel privileges.

An authorization issue was addressed with improved state management

CVE-2024-54466 5.3 - Medium - December 12, 2024

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An encrypted volume may be accessed by a different user without prompting for the password.

AuthZ

A path handling issue was addressed with improved validation

CVE-2024-54489 7.8 - High - December 12, 2024

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Running a mount command may unexpectedly execute arbitrary code.

A logic issue was addressed with improved file handling

CVE-2024-44291 7.8 - High - December 12, 2024

A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges.

An out-of-bounds access issue was addressed with improved bounds checking

CVE-2024-54506 9.8 - Critical - December 12, 2024

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.2. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.

Out-of-bounds Read

The issue was addressed with improved memory handling

CVE-2024-54531 5.5 - Medium - December 12, 2024

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. An app may be able to bypass kASLR.

A logic issue was addressed with improved state management

CVE-2024-54465 9.8 - Critical - December 12, 2024

A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges.

The issue was resolved by sanitizing logging This issue is fixed in macOS Sequoia 15.2

CVE-2024-54491 3.3 - Low - December 12, 2024

The issue was resolved by sanitizing logging This issue is fixed in macOS Sequoia 15.2. A malicious application may be able to determine a user's current location.

The issue was resolved by sanitizing logging

CVE-2024-54484 5.5 - Medium - December 12, 2024

The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

Insertion of Sensitive Information into Log File

A privacy issue was addressed with improved private data redaction for log entries

CVE-2024-54504 5.5 - Medium - December 12, 2024

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.