Apple iPadOS Apple iPad Operating System

iOS/iPadOS OOB Write in Image Parser before 15.8.5/16.7.12
CVE-2025-43300 10 - Critical - August 21, 2025

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Memory Corruption

iPadOS/iOS Privacy Indicator Misdisplay before iOS 18.6
CVE-2025-43217 4 - Medium - July 30, 2025

The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6. Privacy Indicators for microphone or camera access may not be correctly displayed.

Privacy violation

UAF DoS in Apple macOS/iPadOS (fixed 15.6/17.7.9)
CVE-2025-43222 9.8 - Critical - July 30, 2025

A use-after-free issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An attacker may be able to cause unexpected app termination.

Dangling pointer

Apple macOS/iOS DoS & Network Setting Mod (Pre-13.7.7/14.7.7)
CVE-2025-43223 7.5 - High - July 30, 2025

A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.7, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, macOS Sonoma 14.7.7, watchOS 11.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. A non-privileged user may be able to modify restricted network settings.

Improper Input Validation

Apple macOS/iPadOS Symlink Validation (fixed 17.7.9/15.6/14.7.7/13.7.7)
CVE-2025-43220 9.8 - Critical - July 30, 2025

This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data.

insecure temporary file

Apple iOS/iPadOS PrivEsc – Data Leak (CVE-2025-43230)
CVE-2025-43230 4 - Medium - July 30, 2025

The issue was addressed with additional permissions checks. This issue is fixed in iPadOS 17.7.9, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. An app may be able to access user-sensitive data.

AuthZ

Apple OS Permission Leak Allows User Fingerprinting (pre-15.6)
CVE-2025-31279 9.8 - Critical - July 30, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to fingerprint the user.

Information Disclosure

Apple Safari OOB Crash via Bad Web Content – fixed in macOS Sequoia 15.6
CVE-2025-43209 9.8 - Critical - July 30, 2025

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sonoma 14.7.7, watchOS 11.6, visionOS 2.6, macOS Ventura 13.7.7. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Memory Corruption

Apple WatchOS OOB Read via Malicious Image | Fixed 11.6
CVE-2025-43226 4 - Medium - July 30, 2025

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, visionOS 2.6. Processing a maliciously crafted image may result in disclosure of process memory.

Out-of-bounds Read

RCE: Unexpected Termination in Apple OS (iOS/iPadOS/macOS) v<18.5/17.7.9/13.7
CVE-2025-24224 7.5 - High - July 30, 2025

The issue was addressed with improved checks. This issue is fixed in tvOS 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.9, macOS Sequoia 15.5, watchOS 11.5, visionOS 2.5, macOS Ventura 13.7.7. A remote attacker may be able to cause unexpected system termination.

Improper Check for Unusual or Exceptional Conditions

Apple iOS/iPadOS Remote Images bypass (Load Remote Images off)
CVE-2025-31276 5.3 - Medium - July 30, 2025

This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off.

Privacy violation

Apple Safari UAF DoS (before 18.6)
CVE-2025-43216 6.5 - Medium - July 30, 2025

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Dangling pointer

Apple Safari & OSes DoS via memory handling (fixed 18.6)
CVE-2025-43211 6.2 - Medium - July 30, 2025

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing web content may lead to a denial-of-service.

Allocation of Resources Without Limits or Throttling

Apple Safari Memory Corruption (before 18.6)
CVE-2025-31278 8.8 - High - July 30, 2025

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iPadOS 17.7.9, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.

Buffer Overflow

macOS/iPadOS Data Leak via Logging (fixed in 15.6/17.7.9)
CVE-2025-43225 5.5 - Medium - July 30, 2025

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to access sensitive user data.

Insertion of Sensitive Information into Log File

ANGLE/GPU sandbox escape in Chrome prior 138.0.7204.157
CVE-2025-6558 8.8 - High - July 15, 2025

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Improper Input Validation

Type Confusion via Shared psvi Field in libxslt XML Transform
CVE-2025-7424 7.5 - High - July 10, 2025

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

Object Type Confusion

Unauthi Auth Bypass in iCloud Folder Sharing on Apple OSes (pre-14.7.6)
CVE-2025-30448 9.1 - Critical - May 12, 2025

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia 15.4. An attacker may be able to turn on sharing of an iCloud folder without authentication.

AuthZ

Apple OS Double Free (app termination) fixed in watchOS 11.5, macOS 14.7.6
CVE-2025-31241 5.3 - Medium - May 12, 2025

A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination.

Double-free

Apple OS Image DoS via Logic flaw, fixed in watchOS 11.5
CVE-2025-31226 5.5 - Medium - May 12, 2025

A logic issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. Processing a maliciously crafted image may lead to a denial-of-service.

Resource Exhaustion

Safari Type Confusion Crash Fix in iOS 18.5, macOS 15.5, Safari 18.5
CVE-2025-31206 4.3 - Medium - May 12, 2025

A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Object Type Confusion

Apple OS Kernel State Disclosure Fixed in macOS Sequoia 15.3, Sonoma 14.7.6
CVE-2025-24144 5.5 - Medium - May 12, 2025

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.6, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Ventura 13.7.6, iOS 18.3 and iPadOS 18.3, tvOS 18.3. An app may be able to leak sensitive kernel state.

Information Disclosure

iOS/iPadOS WebKit DoS via Web Content before 17.7.7/18.5
CVE-2025-31210 6.5 - Medium - May 12, 2025

The issue was addressed with improved UI. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing web content may lead to a denial-of-service.

Resource Exhaustion

macOS kernel memory corruption causing system crash pre-15.3
CVE-2025-24111 5.5 - Medium - May 12, 2025

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.

Buffer Overflow

AVFoundation Video Input Sanitation DoS CVE-2025-31233 (iOS 18.5+)
CVE-2025-31233 6.3 - Medium - May 12, 2025

The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.

Improper Input Validation

Apple OS UAF mitigated; fixed in watchOS 11.5, macOS 14.7.6, iOS 18.5
CVE-2025-31239 4.3 - Medium - May 12, 2025

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.

Dangling pointer

Apple OS OOB Read CVE-2025-31196 fixed in iPadOS 17.7.7 & macOS 13.7.6/14.7.6
CVE-2025-31196 5.5 - Medium - May 12, 2025

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.

Out-of-bounds Read

Apple iOS/iPadOS UI Spoofing via Email Input Injection Before 18.5/17.7.7
CVE-2025-24225 6.5 - Medium - May 12, 2025

An injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing an email may lead to user interface spoofing.

XSS

iOS/iPadOS 18.5/17.7.7 Physical Access Note Leak via Lock Screen
CVE-2025-31228 6.8 - Medium - May 12, 2025

The issue was addressed with improved authentication. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access notes from the lock screen.

authentification

Apple OS Unexpected Termination via App (fixed in macOS 14.7.6, 13.7.6)
CVE-2025-31245 5.5 - Medium - May 12, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination.

Resource Exhaustion

Apple iOS/iPadOS - read persistent device ID before 18.4
CVE-2025-24220 5.5 - Medium - May 12, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4. An app may be able to read a persistent device identifier.

Information Disclosure

Apple OS Integer Overflow Memory Leak in 11.5-18.5 (watchOS, iOS, macOS etc.)
CVE-2025-31221 7.5 - High - May 12, 2025

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may be able to leak memory.

Integer Overflow or Wraparound

Apple iCloud Keychain Logging Disclosure Pre-17.7.7
CVE-2025-31213 7.6 - High - May 12, 2025

A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access associated usernames and websites in a user's iCloud Keychain.

Insertion of Sensitive Information into Log File

Apple macOS/iPadOS Log Redaction Privacy Flaw (CVE-2025-31242)
CVE-2025-31242 5.5 - Medium - May 12, 2025

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data.

Information Disclosure

Apple iPadOS/macOS location leak fixed in 17.7.7 & 13.7.6
CVE-2025-31220 5.5 - Medium - May 12, 2025

A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to read sensitive location information.

Information Disclosure

Apple OS Kernel Memory Corruption before 15.5
CVE-2025-31219 7.1 - High - May 12, 2025

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

Buffer Overflow

Safari Web Content Crash CVE-2025-31215 fixed 18.5
CVE-2025-31215 6.5 - Medium - May 12, 2025

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Improper Input Validation

Safari < 18.5 CVE-2025-31217: Crash via Malicious Web Content
CVE-2025-31217 6.5 - Medium - May 12, 2025

The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Improper Input Validation

Apple OS File Parser OOB Read – Fixed in watchOS 11.5, macOS 14.7.6, iOS 18.5
CVE-2025-31209 6.3 - Medium - May 12, 2025

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to disclosure of user information.

Out-of-bounds Read

Apple OS File Parsing Crash in watchOS Pre-11.5, iOS Pre-18.5
CVE-2025-31208 7.5 - High - May 12, 2025

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.

Improper Input Validation

Apple OS Media File Crash via Improper Sanitization before 13.7.6
CVE-2025-31251 5.5 - Medium - May 12, 2025

The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Resource Exhaustion

Double Free Vulnerability in iPadOS/macOS Memory Manager (fixed in 17.7.7/13.7.6/15.5/14.7.6)
CVE-2025-31235 6.5 - Medium - May 12, 2025

A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to cause unexpected system termination.

Double-free

Apple OS Local Network Info Leak (macOS/iOS/tvOS) Fixed 15.4
CVE-2025-24270 - April 29, 2025

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to leak sensitive user information.

macOS Ventura 13.7.5 AirPlay Unauth Cmd Injection
CVE-2025-24271 - April 29, 2025

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without pairing.

Apple macOS integer overflow allows local network DoS (CVE-2025-31203)
CVE-2025-31203 - April 29, 2025

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.

Apple OS CVE-2025-31197: App Crash via Local Network on macOS/iOS <15.4
CVE-2025-31197 - April 29, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.

Apple OS NULL ptr deref local network DoS fixed in 18.3/13.7.5
CVE-2025-24179 - April 29, 2025

A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, visionOS 2.3, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Sequoia 15.3, tvOS 18.3. An attacker on the local network may be able to cause a denial-of-service.

Apple OS Local Network App Crash (CVE-2025-24251) – before 15.4/13.7.5/14.7.5
CVE-2025-24251 - April 29, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.

Apple Auth Bypass via State Mgmt Flaw (fixed in macOS 13.7.5/14.7.5/15.4)
CVE-2025-24206 7.7 - High - April 29, 2025

An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy.

Authentication Bypass Using an Alternate Path or Channel

Apple OS Use-After-Free (pre-15.4, Sequoia)
CVE-2025-24252 8.8 - High - April 29, 2025

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.

Dangling pointer