iPad OS Apple iPad OS Apple iPad Operating System

Do you want an email whenever new security vulnerabilities are reported in Apple iPad OS?

By the Year

In 2022 there have been 57 vulnerabilities in Apple iPad OS with an average score of 7.3 out of ten. Last year iPad OS had 113 security vulnerabilities published. Right now, iPad OS is on track to have less security vulnerabilities in 2022 than it did last year. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.24.

Year Vulnerabilities Average Score
2022 57 7.32
2021 113 7.09
2020 144 7.06
2019 1 7.40
2018 0 0.00

It may take a day or so for new iPad OS vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apple iPad OS Security Vulnerabilities

A use after free issue was addressed with improved memory management

CVE-2022-42829 6.7 - Medium - November 01, 2022

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Dangling pointer

The issue was addressed with improved memory handling

CVE-2022-42830 6.7 - Medium - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

A race condition was addressed with improved locking

CVE-2022-42831 6.4 - Medium - November 01, 2022

A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Race Condition

A race condition was addressed with improved locking

CVE-2022-42832 6.4 - Medium - November 01, 2022

A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Race Condition

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-32888 8.8 - High - November 01, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

An access issue was addressed with improvements to the sandbox

CVE-2022-32892 8.6 - High - November 01, 2022

An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions.

The issue was addressed with improved memory handling

CVE-2022-32898 7.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved memory handling

CVE-2022-32899 7.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.

A use after free issue was addressed with improved memory management

CVE-2022-32922 8.8 - High - November 01, 2022

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution.

Dangling pointer

A correctness issue in the JIT was addressed with improved checks

CVE-2022-32923 6.5 - Medium - November 01, 2022

A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app.

The issue was addressed with improved memory handling

CVE-2022-32924 7.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved bounds checks

CVE-2022-32926 6.7 - Medium - November 01, 2022

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16. An app with root privileges may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved memory handling

CVE-2022-32927 7.5 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. Joining a malicious Wi-Fi network may result in a denial-of-service of the Settings app.

A permissions issue was addressed with additional restrictions

CVE-2022-32929 5.5 - Medium - November 01, 2022

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups.

The issue was addressed with improved memory handling

CVE-2022-32932 7.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.

A lock screen issue was addressed with improved state management

CVE-2022-32935 4.6 - Medium - November 01, 2022

A lock screen issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. A user may be able to view restricted content from the lock screen.

A parsing issue in the handling of directory paths was addressed with improved path validation

CVE-2022-32938 5.3 - Medium - November 01, 2022

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system.

The issue was addressed with improved bounds checks

CVE-2022-32939 7.8 - High - November 01, 2022

The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved bounds checks

CVE-2022-32940 7.8 - High - November 01, 2022

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved bounds checks

CVE-2022-32941 9.8 - Critical - November 01, 2022

The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffer overflow may result in arbitrary code execution.

Classic Buffer Overflow

A memory corruption issue was addressed with improved state management

CVE-2022-32944 7.8 - High - November 01, 2022

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to execute arbitrary code with kernel privileges.

This issue was addressed with improved entitlements

CVE-2022-32946 5.5 - Medium - November 01, 2022

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.

The issue was addressed with improved memory handling

CVE-2022-32947 7.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.

A use after free issue was addressed with improved memory management

CVE-2022-22624 8.8 - High - September 23, 2022

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

Dangling pointer

A use after free issue was addressed with improved memory management

CVE-2022-22628 8.8 - High - September 23, 2022

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

Dangling pointer

A logic issue was addressed with improved state management

CVE-2022-22637 8.8 - High - September 23, 2022

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior.

This issue was addressed by enabling hardened runtime

CVE-2022-32781 4.4 - Medium - September 23, 2022

This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information.

A null pointer dereference was addressed with improved validation

CVE-2022-32785 5.5 - Medium - September 23, 2022

A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service.

NULL Pointer Dereference

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-32787 8.8 - High - September 23, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A memory corruption issue was addressed with improved state management

CVE-2022-22610 8.8 - High - September 23, 2022

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution.

A memory corruption issue was addressed with improved state management

CVE-2022-26700 8.8 - High - September 23, 2022

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution.

This issue was addressed with improved checks

CVE-2022-32790 7.5 - High - September 23, 2022

This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service.

An out-of-bounds write issue was addressed with improved input validation

CVE-2022-32792 8.8 - High - September 23, 2022

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

The issue was addressed with improved memory handling

CVE-2022-32815 7.8 - High - September 23, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved UI handling

CVE-2022-32816 6.5 - Medium - September 23, 2022

The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing.

An out-of-bounds read issue was addressed with improved bounds checking

CVE-2022-32817 5.5 - Medium - September 23, 2022

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.

Out-of-bounds Read

A logic issue was addressed with improved state management

CVE-2022-32819 7.8 - High - September 23, 2022

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.

An out-of-bounds write issue was addressed with improved input validation

CVE-2022-32820 7.8 - High - September 23, 2022

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.

Memory Corruption

An authorization issue was addressed with improved state management

CVE-2022-32826 7.8 - High - September 23, 2022

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.

An information disclosure issue was addressed by removing the vulnerable code

CVE-2022-32849 5.5 - Medium - September 23, 2022

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.

A memory corruption issue was addressed with improved validation

CVE-2022-32821 7.8 - High - September 23, 2022

A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.

A memory initialization issue was addressed with improved memory handling

CVE-2022-32823 5.5 - Medium - September 23, 2022

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak sensitive user information.

Improper Initialization

The issue was addressed with improved memory handling

CVE-2022-32825 5.5 - Medium - September 23, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.

The issue was addressed with improved memory handling

CVE-2022-32828 5.5 - Medium - September 23, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.

This issue was addressed with improved checks

CVE-2022-32829 7.8 - High - September 23, 2022

This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.

This issue was addressed with improved checks

CVE-2022-32845 10 - Critical - September 23, 2022

This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to break out of its sandbox.

This issue was addressed with improved checks

CVE-2022-32847 9.1 - Critical - September 23, 2022

This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. A remote user may be able to cause unexpected system termination or corrupt kernel memory.

The issue was addressed with improved memory handling

CVE-2022-32832 6.7 - Medium - September 23, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved memory handling

CVE-2022-32841 5.5 - Medium - September 23, 2022

The issue was addressed with improved memory handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted image may result in disclosure of process memory.

An out-of-bounds read was addressed with improved input validation

CVE-2020-36521 7.1 - High - September 23, 2022

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.

Out-of-bounds Read

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field

CVE-2022-37434 9.8 - Critical - August 05, 2022

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Memory Corruption

A memory corruption issue was addressed with improved state management

CVE-2022-26768 7.8 - High - May 26, 2022

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A logic issue was addressed with improved state management

CVE-2022-26731 4.3 - Medium - May 26, 2022

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private browsing mode.

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-26736 7.8 - High - May 26, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-26737 7.8 - High - May 26, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-26738 7.8 - High - May 26, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called

CVE-2022-26981 7.8 - High - March 13, 2022

Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).

Classic Buffer Overflow

An out-of-bounds write was addressed with improved input validation

CVE-2020-9897 7.8 - High - October 28, 2021

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution.

Memory Corruption

A logic issue was addressed with improved restrictions

CVE-2021-30823 6.5 - Medium - October 28, 2021

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS.

A logic issue was addressed with improved state management

CVE-2021-30834 7.8 - High - October 28, 2021

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution.

A memory corruption issue was addressed with improved memory handling

CVE-2021-30807 7.8 - High - October 19, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

A race condition was addressed with improved locking

CVE-2021-1884 5.9 - Medium - September 08, 2021

A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service.

Race Condition

An out-of-bounds read was addressed with improved input validation

CVE-2021-1852 5.5 - Medium - September 08, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory.

Out-of-bounds Read

Copied files may not have the expected file permissions

CVE-2021-1832 5.5 - Medium - September 08, 2021

Copied files may not have the expected file permissions. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. The issue was addressed with improved permissions logic.

Incorrect Default Permissions

A memory consumption issue was addressed with improved memory handling

CVE-2021-30742 7.8 - High - September 08, 2021

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.

Resource Exhaustion

An integer overflow was addressed through improved input validation

CVE-2021-30760 7.8 - High - September 08, 2021

An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.

Integer Overflow or Wraparound

Processing a maliciously crafted image may lead to arbitrary code execution

CVE-2021-30752 7.8 - High - September 08, 2021

Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An out-of-bounds read was addressed with improved input validation.

Out-of-bounds Read

Processing a maliciously crafted font may result in the disclosure of process memory

CVE-2021-30753 5.5 - Medium - September 08, 2021

Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An out-of-bounds read was addressed with improved input validation.

Out-of-bounds Read

An information disclosure issue was addressed with improved state management

CVE-2021-30723 5.5 - Medium - September 08, 2021

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

A memory corruption issue was addressed with improved state management

CVE-2021-30725 7.8 - High - September 08, 2021

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

Memory Corruption

Multiple memory corruption issues were addressed with improved memory handling

CVE-2021-30749 8.8 - High - September 08, 2021

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins

CVE-2021-30744 6.1 - Medium - September 08, 2021

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.

XSS

An out-of-bounds read was addressed with improved input validation

CVE-2021-30746 5.5 - Medium - September 08, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

Out-of-bounds Read

A logic issue was addressed with improved state management

CVE-2021-30727 5.5 - Medium - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. A malicious application may be able to modify protected parts of the file system.

An out-of-bounds read was addressed with improved input validation

CVE-2021-30733 5.5 - Medium - September 08, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted font may result in the disclosure of process memory.

Out-of-bounds Read

A logic issue was addressed with improved restrictions

CVE-2021-30720 5.4 - Medium - September 08, 2021

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers.

authentification

This issue was addressed with improved checks

CVE-2021-30724 7.8 - High - September 08, 2021

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local attacker may be able to elevate their privileges.

A logic issue was addressed with improved restrictions

CVE-2021-30729 7.5 - High - September 08, 2021

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.6 and iPadOS 14.6. A device may accept invalid activation results.

Multiple memory corruption issues were addressed with improved memory handling

CVE-2021-30734 8.8 - High - September 08, 2021

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A buffer overflow was addressed with improved size validation

CVE-2021-30736 7.8 - High - September 08, 2021

A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An application may be able to execute arbitrary code with kernel privileges.

Classic Buffer Overflow

A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code

CVE-2021-30737 8.8 - High - September 08, 2021

A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted certificate may lead to arbitrary code execution.

Memory Corruption

A logic issue was addressed with improved validation

CVE-2021-30740 7.8 - High - September 08, 2021

A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. A malicious application may be able to execute arbitrary code with kernel privileges.

A use after free issue was addressed with improved memory management

CVE-2021-30741 7.1 - High - September 08, 2021

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.

Dangling pointer

An out-of-bounds write was addressed with improved input validation

CVE-2021-30743 7.8 - High - September 08, 2021

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution.

Memory Corruption

An input validation issue was addressed with improved memory handling

CVE-2021-30881 7.8 - High - August 24, 2021

An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Unpacking a maliciously crafted archive may lead to arbitrary code execution.

Improper Input Validation

A permissions issue was addressed with improved validation

CVE-2021-31000 3.3 - Low - August 24, 2021

A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact information.

Incorrect Default Permissions

A memory corruption vulnerability was addressed with improved locking

CVE-2021-30851 8.8 - High - August 24, 2021

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution.

Memory Corruption

A type confusion issue was addressed with improved memory handling

CVE-2021-30852 8.8 - High - August 24, 2021

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution.

Object Type Confusion

A logic issue was addressed with improved state management

CVE-2021-30854 8.6 - High - August 24, 2021

A logic issue was addressed with improved state management. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A sandboxed process may be able to circumvent sandbox restrictions.

A validation issue existed in the handling of symlinks

CVE-2021-30855 5.5 - Medium - August 24, 2021

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. An application may be able to access restricted files.

insecure temporary file

A race condition was addressed with improved locking

CVE-2021-30857 7 - High - August 24, 2021

A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges.

Race Condition

A type confusion issue was addressed with improved state handling

CVE-2021-30859 7.8 - High - August 24, 2021

A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges.

Object Type Confusion

An access issue was addressed with improved access restrictions

CVE-2021-31001 6.5 - Medium - August 24, 2021

An access issue was addressed with improved access restrictions. This issue is fixed in iOS 15 and iPadOS 15. An attacker in a privileged network position may be able to leak sensitive user information.

AuthZ

This issue was addressed by improving Face ID anti-spoofing models

CVE-2021-30863 6.8 - Medium - August 24, 2021

This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 15 and iPadOS 15. A 3D model constructed to look like the enrolled user may be able to authenticate via Face ID.

A user privacy issue was addressed by removing the broadcast MAC address

CVE-2021-30866 6.5 - Medium - August 24, 2021

A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A device may be passively tracked by its WiFi MAC address.

Description: A logic issue was addressed with improved state management

CVE-2021-31005 7.5 - High - August 24, 2021

Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, macOS Monterey 12.0.1. Turning off "Block all remote content" may not apply to all remote content types.

A logic issue existed in the handling of document loads

CVE-2021-30870 6.5 - Medium - August 24, 2021

A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. Previewing an html file attached to a note may unexpectedly contact remote servers.

An authorization issue was addressed with improved state management

CVE-2021-30874 7.5 - High - August 24, 2021

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A VPN configuration may be installed by an app without user permission.

AuthZ

A lock screen issue allowed access to contacts on a locked device

CVE-2021-30875 3.3 - Low - August 24, 2021

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1. A local attacker may be able to view contacts from the lock screen.

Information Disclosure

A race condition was addressed with improved locking

CVE-2021-30923 7 - High - August 24, 2021

A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to execute arbitrary code with kernel privileges.

Race Condition

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Apple iOS or by Apple? Click the Watch button to subscribe.

Apple
Vendor

Apple iPad OS
Apple iPad Operating System

subscribe