Apple iPad OS Apple iPad Operating System

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1

CVE-2023-5217 8.8 - High - September 28, 2023

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

A certificate validation issue was addressed

CVE-2023-41991 5.5 - Medium - September 21, 2023

A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Improper Certificate Validation

The issue was addressed with improved checks

CVE-2023-41992 7.8 - High - September 21, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Improper Check for Unusual or Exceptional Conditions

The issue was addressed with improved checks

CVE-2023-41993 9.8 - Critical - September 21, 2023

The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Improper Check for Unusual or Exceptional Conditions

A logic issue was addressed with improved state management

CVE-2023-28208 4.3 - Medium - September 06, 2023

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM.

The issue was addressed with improved memory handling

CVE-2023-32425 7.8 - High - September 06, 2023

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain elevated privileges.

This issue was addressed with improved file handling

CVE-2023-32428 7.8 - High - September 06, 2023

This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges.

A privacy issue was addressed with improved handling of temporary files

CVE-2023-32432 5.5 - Medium - September 06, 2023

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data.

This issue was addressed with improved checks to prevent unauthorized actions

CVE-2023-32438 5.5 - Medium - September 06, 2023

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences.

A permissions issue was addressed with improved redaction of sensitive information

CVE-2023-34352 5.3 - Medium - September 06, 2023

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails.

Incorrect Default Permissions

The issue was addressed with improved memory handling

CVE-2023-38136 7.8 - High - July 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved memory handling

CVE-2023-38261 7.8 - High - July 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved memory handling

CVE-2023-27956 5.5 - Medium - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory.

The issue was addressed with additional permissions checks

CVE-2023-27963 7.5 - High - May 08, 2023

The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.

A use after free issue was addressed with improved memory management

CVE-2023-27969 7.8 - High - May 08, 2023

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges.

Dangling pointer

The issue was addressed with improved authentication

CVE-2023-28182 6.5 - Medium - May 08, 2023

The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device.

authentification

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2023-27970 7.8 - High - May 08, 2023

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A logic issue was addressed with improved validation

CVE-2023-28178 5.5 - Medium - May 08, 2023

A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to bypass Privacy preferences.

The issue was addressed with improved checks

CVE-2023-28194 3.3 - Low - May 08, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to unexpectedly create a bookmark on the Home Screen.

This issue was addressed with improved state management

CVE-2023-28201 9.8 - Critical - May 08, 2023

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary code execution.

An out-of-bounds read was addressed with improved bounds checking

CVE-2023-27946 7.8 - High - May 08, 2023

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

Out-of-bounds Read

An out-of-bounds read was addressed with improved input validation

CVE-2023-27949 7.8 - High - May 08, 2023

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

Out-of-bounds Read

Multiple validation issues were addressed with improved input sanitization

CVE-2023-27961 5.5 - Medium - May 08, 2023

Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltrate user information.

Improper Input Validation

The issue was addressed with improved memory handling

CVE-2023-28181 7.8 - High - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.4, macOS Big Sur 11.7.7, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges.

A validation issue was addressed with improved input sanitization

CVE-2023-28200 5.5 - Medium - May 08, 2023

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory.

Improper Input Validation

The issue was addressed by removing origin information

CVE-2023-27954 6.5 - Medium - May 08, 2023

The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.

The issue was addressed with improved checks

CVE-2023-27955 5.5 - Medium - May 08, 2023

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, macOS Big Sur 11.7.5. An app may be able to read arbitrary files.

The issue was addressed with improved memory handling

CVE-2023-27959 7.8 - High - May 08, 2023

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved bounds checks

CVE-2022-46701 7.8 - High - December 15, 2022

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.

Improper Input Validation

The issue was addressed with improved memory handling

CVE-2022-46702 5.5 - Medium - December 15, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory.

A memory corruption issue was addressed with improved input validation

CVE-2022-46700 8.8 - High - December 15, 2022

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A use after free issue was addressed with improved memory management

CVE-2022-42829 6.7 - Medium - November 01, 2022

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Dangling pointer

The issue was addressed with improved memory handling

CVE-2022-42830 6.7 - Medium - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

A race condition was addressed with improved locking

CVE-2022-42831 6.4 - Medium - November 01, 2022

A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Race Condition

A race condition was addressed with improved locking

CVE-2022-42832 6.4 - Medium - November 01, 2022

A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Race Condition

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-32888 8.8 - High - November 01, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

An access issue was addressed with improvements to the sandbox

CVE-2022-32892 8.6 - High - November 01, 2022

An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions.

The issue was addressed with improved memory handling

CVE-2022-32898 7.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved memory handling

CVE-2022-32899 7.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.

A use after free issue was addressed with improved memory management

CVE-2022-32922 8.8 - High - November 01, 2022

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution.

Dangling pointer

A correctness issue in the JIT was addressed with improved checks

CVE-2022-32923 6.5 - Medium - November 01, 2022

A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app.

The issue was addressed with improved memory handling

CVE-2022-32924 7.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved bounds checks

CVE-2022-32926 6.7 - Medium - November 01, 2022

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16. An app with root privileges may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved memory handling

CVE-2022-32927 7.5 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. Joining a malicious Wi-Fi network may result in a denial-of-service of the Settings app.

A permissions issue was addressed with additional restrictions

CVE-2022-32929 5.5 - Medium - November 01, 2022

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups.

The issue was addressed with improved memory handling

CVE-2022-32932 7.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.

A lock screen issue was addressed with improved state management

CVE-2022-32935 4.6 - Medium - November 01, 2022

A lock screen issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. A user may be able to view restricted content from the lock screen.

A parsing issue in the handling of directory paths was addressed with improved path validation

CVE-2022-32938 5.3 - Medium - November 01, 2022

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system.

The issue was addressed with improved bounds checks

CVE-2022-32939 7.8 - High - November 01, 2022

The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved bounds checks

CVE-2022-32940 7.8 - High - November 01, 2022

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved bounds checks

CVE-2022-32941 9.8 - Critical - November 01, 2022

The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffer overflow may result in arbitrary code execution.

Classic Buffer Overflow

A memory corruption issue was addressed with improved state management

CVE-2022-32944 7.8 - High - November 01, 2022

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to execute arbitrary code with kernel privileges.

Memory Corruption

This issue was addressed with improved entitlements

CVE-2022-32946 5.5 - Medium - November 01, 2022

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.

The issue was addressed with improved memory handling

CVE-2022-32947 7.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.

An out-of-bounds read was addressed with improved input validation

CVE-2020-36521 7.1 - High - September 23, 2022

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.

Out-of-bounds Read

The issue was addressed with improved memory handling

CVE-2022-32841 5.5 - Medium - September 23, 2022

The issue was addressed with improved memory handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted image may result in disclosure of process memory.

A use after free issue was addressed with improved memory management

CVE-2022-22624 8.8 - High - September 23, 2022

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

Dangling pointer

A use after free issue was addressed with improved memory management

CVE-2022-22628 8.8 - High - September 23, 2022

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

Dangling pointer

A logic issue was addressed with improved state management

CVE-2022-22637 8.8 - High - September 23, 2022

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior.

This issue was addressed by enabling hardened runtime

CVE-2022-32781 4.4 - Medium - September 23, 2022

This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information.

A null pointer dereference was addressed with improved validation

CVE-2022-32785 5.5 - Medium - September 23, 2022

A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service.

NULL Pointer Dereference

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-32787 8.8 - High - September 23, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A memory corruption issue was addressed with improved state management

CVE-2022-22610 8.8 - High - September 23, 2022

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution.

Memory Corruption

A memory corruption issue was addressed with improved state management

CVE-2022-26700 8.8 - High - September 23, 2022

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution.

Memory Corruption

This issue was addressed with improved checks

CVE-2022-32790 7.5 - High - September 23, 2022

This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service.

An out-of-bounds write issue was addressed with improved input validation

CVE-2022-32792 8.8 - High - September 23, 2022

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

The issue was addressed with improved memory handling

CVE-2022-32815 7.8 - High - September 23, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved UI handling

CVE-2022-32816 6.5 - Medium - September 23, 2022

The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing.

An out-of-bounds read issue was addressed with improved bounds checking

CVE-2022-32817 5.5 - Medium - September 23, 2022

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.

Out-of-bounds Read

A logic issue was addressed with improved state management

CVE-2022-32819 7.8 - High - September 23, 2022

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.

An out-of-bounds write issue was addressed with improved input validation

CVE-2022-32820 7.8 - High - September 23, 2022

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.

Memory Corruption

An authorization issue was addressed with improved state management

CVE-2022-32826 7.8 - High - September 23, 2022

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.

An information disclosure issue was addressed by removing the vulnerable code

CVE-2022-32849 5.5 - Medium - September 23, 2022

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.

A memory corruption issue was addressed with improved validation

CVE-2022-32821 7.8 - High - September 23, 2022

A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A memory initialization issue was addressed with improved memory handling

CVE-2022-32823 5.5 - Medium - September 23, 2022

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak sensitive user information.

Improper Initialization

The issue was addressed with improved memory handling

CVE-2022-32825 5.5 - Medium - September 23, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.

The issue was addressed with improved memory handling

CVE-2022-32828 5.5 - Medium - September 23, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.

This issue was addressed with improved checks

CVE-2022-32829 7.8 - High - September 23, 2022

This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.

This issue was addressed with improved checks

CVE-2022-32845 10 - Critical - September 23, 2022

This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to break out of its sandbox.

This issue was addressed with improved checks

CVE-2022-32847 9.1 - Critical - September 23, 2022

This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. A remote user may be able to cause unexpected system termination or corrupt kernel memory.

The issue was addressed with improved memory handling

CVE-2022-32832 6.7 - Medium - September 23, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field

CVE-2022-37434 9.8 - Critical - August 05, 2022

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Memory Corruption

A memory corruption issue was addressed with improved state management

CVE-2022-26768 7.8 - High - May 26, 2022

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A logic issue was addressed with improved state management

CVE-2022-26731 4.3 - Medium - May 26, 2022

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private browsing mode.

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-26736 7.8 - High - May 26, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-26737 7.8 - High - May 26, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-26738 7.8 - High - May 26, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called

CVE-2022-26981 7.8 - High - March 13, 2022

Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).

Classic Buffer Overflow

An out-of-bounds write was addressed with improved input validation

CVE-2020-9897 7.8 - High - October 28, 2021

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution.

Memory Corruption

A logic issue was addressed with improved restrictions

CVE-2021-30823 6.5 - Medium - October 28, 2021

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS.

A logic issue was addressed with improved state management

CVE-2021-30834 7.8 - High - October 28, 2021

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution.

A memory corruption issue was addressed with improved memory handling

CVE-2021-30807 7.8 - High - October 19, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Memory Corruption

An out-of-bounds read was addressed with improved input validation

CVE-2021-1852 5.5 - Medium - September 08, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory.

Out-of-bounds Read

Copied files may not have the expected file permissions

CVE-2021-1832 5.5 - Medium - September 08, 2021

Copied files may not have the expected file permissions. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. The issue was addressed with improved permissions logic.

Incorrect Default Permissions

A race condition was addressed with improved locking

CVE-2021-1884 5.9 - Medium - September 08, 2021

A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service.

Race Condition

A buffer overflow was addressed with improved size validation

CVE-2021-30736 7.8 - High - September 08, 2021

A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An application may be able to execute arbitrary code with kernel privileges.

Classic Buffer Overflow

A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code

CVE-2021-30737 8.8 - High - September 08, 2021

A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted certificate may lead to arbitrary code execution.

Memory Corruption

Multiple memory corruption issues were addressed with improved memory handling

CVE-2021-30734 8.8 - High - September 08, 2021

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A logic issue was addressed with improved restrictions

CVE-2021-30729 7.5 - High - September 08, 2021

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.6 and iPadOS 14.6. A device may accept invalid activation results.

This issue was addressed with improved checks

CVE-2021-30724 7.8 - High - September 08, 2021

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local attacker may be able to elevate their privileges.