Apple iPad OS Apple iPad Operating System
By the Year
In 2023 there have been 16 vulnerabilities in Apple iPad OS with an average score of 6.7 out of ten. Last year iPad OS had 60 security vulnerabilities published. Right now, iPad OS is on track to have fewer security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.58.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 16 | 6.74 |
2022 | 60 | 7.33 |
2021 | 113 | 7.09 |
2020 | 144 | 7.06 |
2019 | 1 | 7.40 |
2018 | 0 | 0.00 |
It may take a day or so for new iPad OS vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apple iPad OS Security Vulnerabilities
The issue was addressed with improved memory handling
CVE-2023-27956
5.5 - Medium
- May 08, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory.
The issue was addressed with additional permissions checks
CVE-2023-27963
7.5 - High
- May 08, 2023
The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.
A use after free issue was addressed with improved memory management
CVE-2023-27969
7.8 - High
- May 08, 2023
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges.
Dangling pointer
The issue was addressed with improved authentication
CVE-2023-28182
6.5 - Medium
- May 08, 2023
The issue was addressed with improved authentication. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device.
Authentication
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2023-27970
7.8 - High
- May 08, 2023
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A logic issue was addressed with improved validation
CVE-2023-28178
5.5 - Medium
- May 08, 2023
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. An app may be able to bypass Privacy preferences.
The issue was addressed with improved checks
CVE-2023-28194
3.3 - Low
- May 08, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to unexpectedly create a bookmark on the Home Screen.
This issue was addressed with improved state management
CVE-2023-28201
9.8 - Critical
- May 08, 2023
This issue was addressed with improved state management. This issue is fixed in Safari 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code execution.
An out-of-bounds read was addressed with improved bounds checking
CVE-2023-27946
7.8 - High
- May 08, 2023
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
Out-of-bounds Read
An out-of-bounds read was addressed with improved input validation
CVE-2023-27949
7.8 - High
- May 08, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
Out-of-bounds Read
Multiple validation issues were addressed with improved input sanitization
CVE-2023-27961
5.5 - Medium
- May 08, 2023
Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. Importing a maliciously crafted calendar invitation may exfiltrate user information.
Improper Input Validation
The issue was addressed with improved memory handling
CVE-2023-28181
7.8 - High
- May 08, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.7, macOS Ventura 13.3, tvOS 16.4, iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges.
A validation issue was addressed with improved input sanitization
CVE-2023-28200
5.5 - Medium
- May 08, 2023
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. An app may be able to disclose kernel memory.
Improper Input Validation
The issue was addressed by removing origin information
CVE-2023-27954
6.5 - Medium
- May 08, 2023
The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be able to track sensitive user information.
The issue was addressed with improved checks
CVE-2023-27955
5.5 - Medium
- May 08, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. An app may be able to read arbitrary files.
The issue was addressed with improved memory handling
CVE-2023-27959
7.8 - High
- May 08, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved bounds checks
CVE-2022-46701
7.8 - High
- December 15, 2022
The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.
Buffer Overflow
The issue was addressed with improved memory handling
CVE-2022-46702
5.5 - Medium
- December 15, 2022
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory.
A memory corruption issue was addressed with improved input validation
CVE-2022-46700
8.8 - High
- December 15, 2022
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
A use after free issue was addressed with improved memory management
CVE-2022-42829
6.7 - Medium
- November 01, 2022
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.
Dangling pointer
The issue was addressed with improved memory handling
CVE-2022-42830
6.7 - Medium
- November 01, 2022
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.
A race condition was addressed with improved locking
CVE-2022-42831
6.4 - Medium
- November 01, 2022
A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.
Race Condition
A race condition was addressed with improved locking
CVE-2022-42832
6.4 - Medium
- November 01, 2022
A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.
Race Condition
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-32888
8.8 - High
- November 01, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
An access issue was addressed with improvements to the sandbox
CVE-2022-32892
8.6 - High
- November 01, 2022
An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions.
The issue was addressed with improved memory handling
CVE-2022-32898
7.8 - High
- November 01, 2022
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved memory handling
CVE-2022-32899
7.8 - High
- November 01, 2022
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.
A use after free issue was addressed with improved memory management
CVE-2022-32922
8.8 - High
- November 01, 2022
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution.
Dangling pointer
A correctness issue in the JIT was addressed with improved checks
CVE-2022-32923
6.5 - Medium
- November 01, 2022
A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app.
The issue was addressed with improved memory handling
CVE-2022-32924
7.8 - High
- November 01, 2022
The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved bounds checks
CVE-2022-32926
6.7 - Medium
- November 01, 2022
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16. An app with root privileges may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved memory handling
CVE-2022-32927
7.5 - High
- November 01, 2022
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. Joining a malicious Wi-Fi network may result in a denial-of-service of the Settings app.
A permissions issue was addressed with additional restrictions
CVE-2022-32929
5.5 - Medium
- November 01, 2022
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups.
The issue was addressed with improved memory handling
CVE-2022-32932
7.8 - High
- November 01, 2022
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.
A lock screen issue was addressed with improved state management
CVE-2022-32935
4.6 - Medium
- November 01, 2022
A lock screen issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. A user may be able to view restricted content from the lock screen.
A parsing issue in the handling of directory paths was addressed with improved path validation
CVE-2022-32938
5.3 - Medium
- November 01, 2022
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system.
The issue was addressed with improved bounds checks
CVE-2022-32939
7.8 - High
- November 01, 2022
The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved bounds checks
CVE-2022-32940
7.8 - High
- November 01, 2022
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved bounds checks
CVE-2022-32941
9.8 - Critical
- November 01, 2022
The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffer overflow may result in arbitrary code execution.
Classic Buffer Overflow
A memory corruption issue was addressed with improved state management
CVE-2022-32944
7.8 - High
- November 01, 2022
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to execute arbitrary code with kernel privileges.
This issue was addressed with improved entitlements
CVE-2022-32946
5.5 - Medium
- November 01, 2022
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.
The issue was addressed with improved memory handling
CVE-2022-32947
7.8 - High
- November 01, 2022
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-32787
8.8 - High
- September 23, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
An out-of-bounds read was addressed with improved input validation
CVE-2020-36521
7.1 - High
- September 23, 2022
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.
Out-of-bounds Read
The issue was addressed with improved memory handling
CVE-2022-32841
5.5 - Medium
- September 23, 2022
The issue was addressed with improved memory handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted image may result in disclosure of process memory.
The issue was addressed with improved memory handling
CVE-2022-32832
6.7 - Medium
- September 23, 2022
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.
This issue was addressed with improved checks
CVE-2022-32847
9.1 - Critical
- September 23, 2022
This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. A remote user may be able to cause unexpected system termination or corrupt kernel memory.
This issue was addressed with improved checks
CVE-2022-32845
10 - Critical
- September 23, 2022
This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to break out of its sandbox.
This issue was addressed with improved checks
CVE-2022-32829
7.8 - High
- September 23, 2022
This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved memory handling
CVE-2022-32828
5.5 - Medium
- September 23, 2022
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.
The issue was addressed with improved memory handling
CVE-2022-32825
5.5 - Medium
- September 23, 2022
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.
A memory initialization issue was addressed with improved memory handling
CVE-2022-32823
5.5 - Medium
- September 23, 2022
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak sensitive user information.
Improper Initialization
A memory corruption issue was addressed with improved validation
CVE-2022-32821
7.8 - High
- September 23, 2022
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.
An information disclosure issue was addressed by removing the vulnerable code
CVE-2022-32849
5.5 - Medium
- September 23, 2022
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.
An authorization issue was addressed with improved state management
CVE-2022-32826
7.8 - High
- September 23, 2022
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.
An out-of-bounds write issue was addressed with improved input validation
CVE-2022-32820
7.8 - High
- September 23, 2022
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A logic issue was addressed with improved state management
CVE-2022-32819
7.8 - High
- September 23, 2022
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.
An out-of-bounds read issue was addressed with improved bounds checking
CVE-2022-32817
5.5 - Medium
- September 23, 2022
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.
Out-of-bounds Read
The issue was addressed with improved memory handling
CVE-2022-32815
7.8 - High
- September 23, 2022
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.
An out-of-bounds write issue was addressed with improved input validation
CVE-2022-32792
8.8 - High
- September 23, 2022
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
This issue was addressed with improved checks
CVE-2022-32790
7.5 - High
- September 23, 2022
This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service.
A memory corruption issue was addressed with improved state management
CVE-2022-26700
8.8 - High
- September 23, 2022
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution.
A memory corruption issue was addressed with improved state management
CVE-2022-22610
8.8 - High
- September 23, 2022
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution.
The issue was addressed with improved UI handling
CVE-2022-32816
6.5 - Medium
- September 23, 2022
The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing.
A null pointer dereference was addressed with improved validation
CVE-2022-32785
5.5 - Medium
- September 23, 2022
A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service.
NULL Pointer Dereference
This issue was addressed by enabling hardened runtime
CVE-2022-32781
4.4 - Medium
- September 23, 2022
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information.
A logic issue was addressed with improved state management
CVE-2022-22637
8.8 - High
- September 23, 2022
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior.
A use after free issue was addressed with improved memory management
CVE-2022-22628
8.8 - High
- September 23, 2022
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.
Dangling pointer
A use after free issue was addressed with improved memory management
CVE-2022-22624
8.8 - High
- September 23, 2022
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.
Dangling pointer
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field
CVE-2022-37434
9.8 - Critical
- August 05, 2022
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
Memory Corruption
A memory corruption issue was addressed with improved state management
CVE-2022-26768
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A logic issue was addressed with improved state management
CVE-2022-26731
4.3 - Medium
- May 26, 2022
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private browsing mode.
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-26736
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-26737
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-26738
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c)
CVE-2022-26981
7.8 - High
- March 13, 2022
Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).
Classic Buffer Overflow
An out-of-bounds write was addressed with improved input validation
CVE-2020-9897
7.8 - High
- October 28, 2021
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution.
Memory Corruption
A logic issue was addressed with improved restrictions
CVE-2021-30823
6.5 - Medium
- October 28, 2021
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS.
A logic issue was addressed with improved state management
CVE-2021-30834
7.8 - High
- October 28, 2021
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution.
A memory corruption issue was addressed with improved memory handling
CVE-2021-30807
7.8 - High
- October 19, 2021
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
A race condition was addressed with improved locking
CVE-2021-1884
5.9 - Medium
- September 08, 2021
A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service.
Race Condition
Copied files may not have the expected file permissions
CVE-2021-1832
5.5 - Medium
- September 08, 2021
Copied files may not have the expected file permissions. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. The issue was addressed with improved permissions logic.
Incorrect Default Permissions
An out-of-bounds read was addressed with improved input validation
CVE-2021-1852
5.5 - Medium
- September 08, 2021
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory.
Out-of-bounds Read
A logic issue was addressed with improved state management
CVE-2021-30727
5.5 - Medium
- September 08, 2021
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. A malicious application may be able to modify protected parts of the file system.
An out-of-bounds write was addressed with improved input validation
CVE-2021-30743
7.8 - High
- September 08, 2021
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution.
Memory Corruption
A memory consumption issue was addressed with improved memory handling
CVE-2021-30742
7.8 - High
- September 08, 2021
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.
A use after free issue was addressed with improved memory management
CVE-2021-30741
7.1 - High
- September 08, 2021
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.
Dangling pointer
A logic issue was addressed with improved validation
CVE-2021-30740
7.8 - High
- September 08, 2021
A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. A malicious application may be able to execute arbitrary code with kernel privileges.
A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code
CVE-2021-30737
8.8 - High
- September 08, 2021
A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted certificate may lead to arbitrary code execution.
Memory Corruption
A buffer overflow was addressed with improved size validation
CVE-2021-30736
7.8 - High
- September 08, 2021
A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An application may be able to execute arbitrary code with kernel privileges.
Classic Buffer Overflow
Multiple memory corruption issues were addressed with improved memory handling
CVE-2021-30734
8.8 - High
- September 08, 2021
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
A logic issue was addressed with improved restrictions
CVE-2021-30729
7.5 - High
- September 08, 2021
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.6 and iPadOS 14.6. A device may accept invalid activation results.
This issue was addressed with improved checks
CVE-2021-30724
7.8 - High
- September 08, 2021
This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local attacker may be able to elevate their privileges.
A memory corruption issue was addressed with improved state management
CVE-2021-30725
7.8 - High
- September 08, 2021
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
Memory Corruption
An integer overflow was addressed through improved input validation
CVE-2021-30760
7.8 - High
- September 08, 2021
An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.
Integer Overflow or Wraparound
Processing a maliciously crafted image may lead to arbitrary code execution
CVE-2021-30752
7.8 - High
- September 08, 2021
Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An out-of-bounds read was addressed with improved input validation.
Out-of-bounds Read
Processing a maliciously crafted font may result in the disclosure of process memory
CVE-2021-30753
5.5 - Medium
- September 08, 2021
Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An out-of-bounds read was addressed with improved input validation.
Out-of-bounds Read
An information disclosure issue was addressed with improved state management
CVE-2021-30723
5.5 - Medium
- September 08, 2021
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.
A cross-origin issue with iframe elements was addressed with improved tracking of security origins
CVE-2021-30744
6.1 - Medium
- September 08, 2021
A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.
XSS
An out-of-bounds read was addressed with improved input validation
CVE-2021-30733
5.5 - Medium
- September 08, 2021
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted font may result in the disclosure of process memory.
Out-of-bounds Read
