Apple iOS

The iOS Operating System used by iPhones.


Recent Apple iOS Security Advisories

Advisory | Title | Published
122281 | iOS 18.3.2 and iPadOS 18.3.2 - Apple Security Content | March 11, 2025
122174 | iOS 18.3.1 and iPadOS 18.3.1 - Apple Security Content | February 10, 2025
122066 | iOS 18.3 and iPadOS 18.3 - Apple Security Content | January 27, 2025
121837 | iOS 18.2 and iPadOS 18.2 - Apple Security Content | December 11, 2024
121754 | iOS 17.7.2 and iPadOS 17.7.2 - Apple Security Content | November 19, 2024
121752 | iOS 18.1.1 and iPadOS 18.1.1 - Apple Security Content | November 19, 2024
121563 | iOS 18.1 and iPadOS 18.1 - Apple Security Content | October 28, 2024
121567 | iOS 17.7.1 and iPadOS 17.7.1 - Apple Security Content | October 28, 2024
121373 | iOS 18.0.1 and iPadOS 18.0.1 - Apple Security Content | October 3, 2024
121246 | iOS 17.7 and iPadOS 17.7 - Apple Security Content | September 16, 2024

Known Exploited Apple iOS Vulnerabilities

The following Apple iOS vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title | Description | CVE | Exploit Probability | Added
Apple iOS Type Confusion Vulnerability | Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution. | CVE-2022-42856 | 0.1% | December 14, 2022
Apple iOS Information Disclosure Vulnerability | The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. | CVE-2016-4655 | 82.5% | May 24, 2022
Apple iOS Memory Corruption Vulnerability | A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service via a crafted application. | CVE-2016-4656 | 68.3% | May 24, 2022
Apple iOS Webkit Memory Corruption Vulnerability | WebKit in Apple iOS contains a memory corruption vulnerability which allows attackers to execute remote code or cause a denial-of-service via a crafted web site. | CVE-2016-4657 | 79.2% | May 24, 2022
Apple iOS Memory Corruption Vulnerability | Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution. | CVE-2019-7287 | 4.1% | May 23, 2022
Apple iOS "FORCEDENTRY" Remote Code Execution Vulnerability | An integer overflow was addressed with improved input validation vulnerability affecting iOS devices that allows for remote code execution. | CVE-2021-30860 | 64.3% | November 3, 2021
Apple WebKit Browser Engine Use-After-Free Vulnerability | Use after free issue. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | CVE-2021-30762 | 0.1% | November 3, 2021
Apple iOS Privilege Escalation and Code Execution Chain | A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited. | CVE-2021-1782 | 6.8% | November 3, 2021
Apple iOS Privilege Escalation and Code Execution Chain | A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | CVE-2021-1870 | 0.5% | November 3, 2021
Apple iOS Privilege Escalation and Code Execution Chain | A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | CVE-2021-1871 | 1.0% | November 3, 2021
Apple iOS Webkit Browser Engine XSS | Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited. | CVE-2021-1879 | 2.0% | November 3, 2021
Apple iOS Webkit Storage Use-After-Free Remote Code Execution Vulnerability | Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | CVE-2021-30661 | 0.2% | November 3, 2021
Apple iOS12.x Buffer Overflow | Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | CVE-2021-30666 | 0.9% | November 3, 2021
Apple WebKit Browser Engine Memory Corruption Vulnerability | Memory corruption issue. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | CVE-2021-30761 | 0.4% | November 3, 2021

The vulnerability CVE-2016-4655: Apple iOS Information Disclosure Vulnerability is in the top 1% of the currently known exploitable vulnerabilities. 3 known exploited Apple iOS vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Apple iOS EOL Dates

Ensure that you are using a supported version of Apple iOS. Here are some end-of-life and end-of-support dates for Apple iOS.

Release | EOL Date | Status | Notes
18 | - | Active |
17 | November 19, 2024 | EOL | Apple iOS 17 became EOL in 2024 and support ended in 2024
16 | March 31, 2025 | EOL | Apple iOS 16 became EOL in 2025 and support ended in 2023
15 | March 31, 2025 | EOL | Apple iOS 15 became EOL in 2025 and support ended in 2022
14 | October 1, 2021 | EOL | Apple iOS 14 became EOL in 2021 and support ended in 2021
13 | September 16, 2020 | EOL | Apple iOS 13 became EOL in 2020 and support ended in 2020
12 | January 23, 2023 | EOL | Apple iOS 12 became EOL in 2023 and support ended in 2019
11 | October 8, 2018 | EOL | Apple iOS 11 became EOL in 2018 and support ended in 2018
10 | September 26, 2017 | EOL | Apple iOS 10 became EOL in 2017 and support ended in 2017
9 | September 13, 2016 | EOL | Apple iOS 9 became EOL in 2016 and support ended in 2016

By the Year

In 2025 there have been 123 vulnerabilities in Apple iOS with an average score of 6.4 out of ten. Last year, in 2024, iOS had 319 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in iOS in 2025 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.39.




Year | Vulnerabilities | Average Score
2025 | 123 | 6.36
2024 | 319 | 5.97
2023 | 270 | 6.57
2022 | 244 | 7.09
2021 | 383 | 7.01
2020 | 252 | 7.09
2019 | 350 | 7.48
2018 | 100 | 7.39

It may take a day or so for new iOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Apple iOS Security Vulnerabilities

This issue was addressed with improved permissions checking

CVE-2025-31184 - March 31, 2025

This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized access to Local Network.

A parsing issue in the handling of directory paths was addressed with improved path validation

CVE-2025-30456 - March 31, 2025

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges.

The issue was addressed with improved restriction of data container access

CVE-2025-30463 - March 31, 2025

The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

The issue was addressed with improved checks

CVE-2025-30467 - March 31, 2025

The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a malicious website may lead to address bar spoofing.

This issue was addressed through improved state management

CVE-2025-30469 - March 31, 2025

This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen.

A path handling issue was addressed with improved logic

CVE-2025-30470 - March 31, 2025

A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to read sensitive location information.

A validation issue was addressed with improved logic

CVE-2025-30471 - March 31, 2025

A validation issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote user may be able to cause a denial-of-service.

This issue was addressed with improved handling of symlinks

CVE-2025-31182 - March 31, 2025

This issue was addressed with improved handling of symlinks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to delete files for which it does not have permission.

The issue was addressed with improved restriction of data container access

CVE-2025-31183 - March 31, 2025

The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

This issue was addressed through improved state management

CVE-2025-31191 - March 31, 2025

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.

A buffer overflow was addressed with improved bounds checking

CVE-2025-24237 - March 31, 2025

A buffer overflow was addressed with improved bounds checking. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination.

A logic issue was addressed with improved checks

CVE-2025-24238 - March 31, 2025

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain elevated privileges.

The issue was addressed with improved memory handling

CVE-2025-24243 - March 31, 2025

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted file may lead to arbitrary code execution.

The issue was addressed with improved memory handling

CVE-2025-24264 - March 31, 2025

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

This issue was addressed through improved state management

CVE-2025-24178 - March 31, 2025

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.

This issue was addressed with additional entitlement checks

CVE-2025-24173 - March 31, 2025

This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.

This issue was addressed through improved state management

CVE-2025-24167 - March 31, 2025

This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A download's origin may be incorrectly associated.

A permissions issue was addressed with additional restrictions

CVE-2025-24097 - March 31, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to read arbitrary file metadata.

The issue was addressed with improved checks

CVE-2025-31192 - March 31, 2025

The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.

A path handling issue was addressed with improved validation

CVE-2025-30454 - March 31, 2025

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. A malicious app may be able to access private information.

The issue was resolved by sanitizing logging

CVE-2025-30447 - March 31, 2025

The issue was resolved by sanitizing logging. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.

The issue was addressed with improved checks

CVE-2025-30439 - March 31, 2025

The issue was addressed with improved checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An attacker with physical access to a locked device may be able to view sensitive user information.

This issue was addressed with improved access restrictions

CVE-2025-30438 - March 31, 2025

This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started.

An out-of-bounds write issue was addressed with improved input validation

CVE-2025-24257 - March 31, 2025

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to cause unexpected system termination or write kernel memory.

The issue was addressed with improved memory handling

CVE-2025-24244 - March 31, 2025

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted font may result in the disclosure of process memory.

This issue was addressed with improved data access restriction

CVE-2025-24221 - March 31, 2025

This issue was addressed with improved data access restriction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Sensitive keychain data may be accessible from an iOS backup.

This issue was addressed with improved redaction of sensitive information

CVE-2025-24217 - March 31, 2025

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

The issue was addressed with improved memory handling

CVE-2025-24216 - March 31, 2025

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

A privacy issue was addressed by not logging contents of text fields

CVE-2025-24214 - March 31, 2025

A privacy issue was addressed by not logging contents of text fields. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

This issue was addressed with improved checks

CVE-2025-24212 - March 31, 2025

This issue was addressed with improved checks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.

The issue was addressed with improved input validation

CVE-2025-24180 - March 31, 2025

The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix.

An out-of-bounds read issue was addressed with improved input validation

CVE-2025-24182 - March 31, 2025

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. Processing a maliciously crafted font may result in the disclosure of process memory.

The issue was addressed with improved memory handling

CVE-2025-24190 - March 31, 2025

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.

An out-of-bounds read issue was addressed with improved input validation

CVE-2025-24230 - March 31, 2025

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Playing a malicious audio file may lead to an unexpected app termination.

This issue was addressed with additional entitlement checks

CVE-2025-24095 - March 31, 2025

This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass Privacy preferences.

A logging issue was addressed with improved data redaction

CVE-2025-24283 - March 31, 2025

A logging issue was addressed with improved data redaction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

This issue was addressed through improved state management

CVE-2025-30425 - March 31, 2025

This issue was addressed through improved state management. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to track users in Safari private browsing mode.

This issue was addressed with additional entitlement checks

CVE-2025-30426 - March 31, 2025

This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to enumerate a user's installed apps.

A use-after-free issue was addressed with improved memory management

CVE-2025-30427 - March 31, 2025

A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

This issue was addressed through improved state management

CVE-2025-30428 - March 31, 2025

This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Photos in the Hidden Photos Album may be viewed without authentication.

A path handling issue was addressed with improved validation

CVE-2025-30429 - March 31, 2025

A path handling issue was addressed with improved validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.

This issue was addressed through improved state management

CVE-2025-30430 - March 31, 2025

This issue was addressed through improved state management. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Password autofill may fill in passwords after failing authentication.

A logic issue was addressed with improved state management

CVE-2025-30432 - March 31, 2025

A logic issue was addressed with improved state management. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sonoma 14.7.5. A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures.

This issue was addressed with improved access restrictions

CVE-2025-30433 - March 31, 2025

This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.

The issue was addressed with improved input sanitization

CVE-2025-30434 - March 31, 2025

The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.4 and iPadOS 18.4. Processing a maliciously crafted file may lead to a cross site scripting attack.

This issue was addressed with improved handling of floats

CVE-2025-24213 - March 31, 2025

This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A type confusion issue could lead to memory corruption.

This issue was addressed with improved memory handling

CVE-2025-24211 - March 31, 2025

This issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.

A logic error was addressed with improved error handling

CVE-2025-24210 - March 31, 2025

A logic error was addressed with improved error handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Parsing an image may lead to disclosure of user information.

A buffer overflow issue was addressed with improved memory handling

CVE-2025-24209 - March 31, 2025

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash.

A permissions issue was addressed with additional restrictions

CVE-2025-24208 - March 31, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.

An authorization issue was addressed with improved state management

CVE-2025-24205 - March 31, 2025

An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.

A logging issue was addressed with improved data redaction

CVE-2025-24202 - March 31, 2025

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

This issue was addressed by restricting options offered on a locked device

CVE-2025-24198 - March 31, 2025

This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access may be able to use Siri to access sensitive user data.

A logic issue was addressed with improved checks

CVE-2025-24194 - March 31, 2025

A logic issue was addressed with improved checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may result in the disclosure of process memory.

This issue was addressed with improved authentication

CVE-2025-24193 - March 31, 2025

This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker with a USB-C connection to an unlocked device may be able to programmatically access photos.

A script imports issue was addressed with improved isolation

CVE-2025-24192 - March 31, 2025

A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a website may leak sensitive data.

The issue was addressed with improved memory handling

CVE-2024-54551 - March 21, 2025

The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.

This issue was addressed through improved state management

CVE-2024-54564 - March 21, 2025

This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied.

This issue was addressed by using HTTPS when sending information over the network

CVE-2024-44276 - March 17, 2025

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information.

A logic issue was addressed with improved file handling

CVE-2024-54525 - March 17, 2025

A logic issue was addressed with improved file handling. This issue is fixed in visionOS 2.2, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.

An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions

CVE-2025-24201 8.8 - High - March 11, 2025

An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).

Memory Corruption

A double free issue was addressed with improved memory management

CVE-2022-43454 - March 10, 2025

A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.

This issue was addressed through improved state management

CVE-2022-48610 - March 10, 2025

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. An app may be able to access user-sensitive data.

This issue was addressed by restricting options offered on a locked device

CVE-2024-44179 - March 10, 2025

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a device may be able to read contact numbers from the lock screen.

A clickjacking issue was addressed with improved out-of-process view handling

CVE-2024-54558 - March 10, 2025

A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library.

The issue was addressed with improved checks

CVE-2024-44192 5.5 - Medium - March 10, 2025

The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.

The issue was addressed with improved memory handling

CVE-2024-44227 7.5 - High - March 10, 2025

The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory.

Resource Exhaustion

A cookie management issue was addressed with improved state management

CVE-2024-54467 6.5 - Medium - March 10, 2025

A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.

The issue was addressed with improved checks

CVE-2024-54469 5.5 - Medium - March 10, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. A local user may be able to leak sensitive user information.

Information Disclosure

A logic issue was addressed with improved checks

CVE-2024-54560 5.5 - Medium - March 10, 2025

A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be able to modify other apps without having App Management permission.

An authorization issue was addressed with improved state management

CVE-2025-24200 6.1 - Medium - February 10, 2025

An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

AuthZ

The issue was addressed with improved memory handling

CVE-2024-54658 6.5 - Medium - February 10, 2025

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.

The issue was addressed with improved memory handling

CVE-2024-27859 8.8 - High - February 10, 2025

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to arbitrary code execution.

The issue was addressed with improved UI

CVE-2025-24113 4.3 - Medium - January 27, 2025

The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoofing.

A permissions issue was addressed with additional restrictions

CVE-2025-24107 7.8 - High - January 27, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3, iOS 18.3 and iPadOS 18.3. A malicious app may be able to gain root privileges.

The issue was addressed by adding additional logic

CVE-2025-24128 4.3 - Medium - January 27, 2025

The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Visiting a malicious website may lead to address bar spoofing.

An authentication issue was addressed with improved state management

CVE-2024-54542 - January 27, 2025

An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, macOS Sequoia 15.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2. Private Browsing tabs may be accessed without authentication.

A use-after-free issue was addressed with improved memory management

CVE-2024-54499 8.8 - High - January 27, 2025

A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing a maliciously crafted image may lead to arbitrary code execution.

Dangling pointer

The issue was addressed with improved bounds checks

CVE-2024-54518 5.3 - Medium - January 27, 2025

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.

Out-of-bounds Read

The issue was addressed with improved checks

CVE-2024-54468 8.2 - High - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to break out of its sandbox.

An out-of-bounds access issue was addressed with improved bounds checking

CVE-2024-54478 6.5 - Medium - January 27, 2025

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Out-of-bounds Read

This issue was addressed with improved handling of symlinks

CVE-2025-24104 5.5 - Medium - January 27, 2025

This issue was addressed with improved handling of symlinks. This issue is fixed in iPadOS 17.7.4, iOS 18.3 and iPadOS 18.3. Restoring a maliciously crafted backup file may lead to modification of protected system files.

Insecure Temporary File

A privacy issue was addressed with improved private data redaction for log entries

CVE-2025-24145 3.3 - Low - January 27, 2025

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. An app may be able to view a contact's phone number in system logs.

Insertion of Sensitive Information into Log File

The issue was addressed with improved memory handling

CVE-2025-24086 5.5 - Medium - January 27, 2025

The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing an image may lead to a denial-of-service.

A use after free issue was addressed with improved memory management

CVE-2025-24085 7.8 - High - January 27, 2025

A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

Dangling pointer

The issue was addressed with improved checks

CVE-2025-24124 5.5 - Medium - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

The issue was addressed with improved checks

CVE-2025-24123 5.5 - Medium - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

The issue was addressed with improved checks

CVE-2025-24163 5.5 - Medium - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

The issue was addressed with improved checks

CVE-2025-24161 5.5 - Medium - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

The issue was addressed with improved checks

CVE-2025-24160 - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

The issue was addressed with improved checks

CVE-2025-24127 5.5 - Medium - January 27, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

A type confusion issue was addressed with improved checks

CVE-2025-24137 - January 27, 2025

A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected application termination or arbitrary code execution.

A null pointer dereference was addressed with improved input validation

CVE-2025-24177 7.5 - High - January 27, 2025

A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. A remote attacker may be able to cause a denial-of-service.

NULL Pointer Dereference

The issue was addressed with improved memory handling

CVE-2025-24131 6.5 - Medium - January 27, 2025

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker in a privileged position may be able to perform a denial-of-service.

A type confusion issue was addressed with improved checks

CVE-2025-24129 7.5 - High - January 27, 2025

A type confusion issue was addressed with improved checks. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected app termination.

Object Type Confusion

An input validation issue was addressed

CVE-2025-24126 7.3 - High - January 27, 2025

An input validation issue was addressed. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker on the local network may be able to cause unexpected system termination or corrupt process memory.

An authentication issue was addressed with improved state management

CVE-2025-24141 3.3 - Low - January 27, 2025

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3. An attacker with physical access to an unlocked device may be able to access Photos while the app is locked.

An out-of-bounds read was addressed with improved bounds checking

CVE-2025-24149 5.5 - Medium - January 27, 2025

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to disclosure of user information.

Out-of-bounds Read

This issue was addressed with improved redaction of sensitive information

CVE-2025-24117 5.5 - Medium - January 27, 2025

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iPadOS 17.7.4, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3. An app may be able to fingerprint the user.

Insecure Storage of Sensitive Information

The issue was addressed with improved bounds checks

CVE-2024-54517 7.8 - High - January 27, 2025

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.

Memory Corruption
