Apple iPad OS Apple iPad Operating System
Recent Apple iPad OS Security Advisories
Advisory | Title | Published |
---|---|---|
HT213926 | iOS 17.0.1 and iPadOS 17.0.1 Security Content | September 21, 2023 |
HT213927 | iOS 16.7 and iPadOS 16.7 Security Content | September 21, 2023 |
HT213913 | iOS 15.7.9 and iPadOS 15.7.9 Security Content | September 11, 2023 |
HT213905 | iOS 16.6.1 and iPadOS 16.6.1 Security Content | September 7, 2023 |
HT213842 | iOS 15.7.8 and iPadOS 15.7.8 Security Content | July 24, 2023 |
HT213841 | iOS 16.6 and iPadOS 16.6 Security Content | July 24, 2023 |
HT213823 | Rapid Security Responses for iOS 16.5.1 and iPadOS 16.5.1 Security Content | July 10, 2023 |
HT213814 | iOS 16.5.1 and iPadOS 16.5.1 Security Content | June 21, 2023 |
HT213811 | iOS 15.7.7 and iPadOS 15.7.7 Security Content | June 21, 2023 |
HT213765 | iOS 15.7.6 and iPadOS 15.7.6 Security Content | May 18, 2023 |
By the Year
In 2023 there have been 152 vulnerabilities in Apple iPad OS with an average score of 6.7 out of ten. Last year iPad OS had 214 security vulnerabilities published. Right now, iPad OS is on track to have fewer security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.47.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 152 | 6.70 |
2022 | 214 | 7.18 |
2021 | 333 | 6.94 |
2020 | 231 | 7.12 |
2019 | 34 | 7.54 |
2018 | 0 | 0.00 |
It may take a day or so for new iPad OS vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apple iPad OS Security Vulnerabilities
The issue was addressed with improved handling of caches
CVE-2023-41990
7.8 - High
- September 12, 2023
The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-40442
3.3 - Low
- September 12, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information.
Insertion of Sensitive Information into Log File
A buffer overflow issue was addressed with improved memory handling
CVE-2023-41064
7.8 - High
- September 07, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Classic Buffer Overflow
A validation issue was addressed with improved logic
CVE-2023-41061
7.8 - High
- September 07, 2023
A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-40392
3.3 - Low
- September 06, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information.
Insertion of Sensitive Information into Log File
This issue was addressed with improved redaction of sensitive information
CVE-2023-38605
3.3 - Low
- September 06, 2023
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user's current location.
An access issue was addressed with improvements to the sandbox
CVE-2022-22655
5.5 - Medium
- August 14, 2023
An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. An app may be able to leak sensitive user information.
A type confusion issue was addressed with improved checks
CVE-2023-32358
8.8 - High
- August 14, 2023
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.
Object Type Confusion
A use-after-free issue was addressed with improved memory management
CVE-2023-28198
8.8 - High
- August 14, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.
Dangling pointer
The issue was addressed with improved bounds checks
CVE-2022-48503
8.8 - High
- August 14, 2023
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.
A spoofing issue existed in the handling of URLs
CVE-2022-46725
4.3 - Medium
- August 14, 2023
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.
This issue was addressed by restricting options offered on a locked device
CVE-2022-46724
2.4 - Low
- August 14, 2023
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen.
An out-of-bounds write issue was addressed with improved input validation
CVE-2023-38604
9.8 - Critical
- July 28, 2023
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A logic issue was addressed with improved state management
CVE-2023-38599
6.5 - Medium
- July 28, 2023
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.
A use-after-free issue was addressed with improved memory management
CVE-2023-38598
9.8 - Critical
- July 28, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
Dangling pointer
A logic issue was addressed with improved restrictions
CVE-2023-38592
8.8 - High
- July 28, 2023
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.
A buffer overflow issue was addressed with improved memory handling
CVE-2023-38590
8.8 - High
- July 28, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.
Classic Buffer Overflow
An out-of-bounds read was addressed with improved bounds checking
CVE-2023-37285
9.8 - Critical
- July 28, 2023
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
Out-of-bounds Read
An integer overflow was addressed with improved input validation
CVE-2023-36495
9.8 - Critical
- July 28, 2023
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
Integer Overflow or Wraparound
The issue was addressed with improved memory handling
CVE-2023-34425
9.8 - Critical
- July 28, 2023
The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
This issue was addressed with improved checks
CVE-2023-32445
6.1 - Medium
- July 28, 2023
This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.
XSS
The issue was addressed with improved memory handling
CVE-2023-32441
7.8 - High
- July 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.
A logic issue was addressed with improved restrictions
CVE-2023-32416
5.5 - Medium
- July 27, 2023
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to read sensitive location information.
The issue was addressed with improved memory handling
CVE-2023-32393
8.8 - High
- July 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution.
The issue was addressed with improved memory handling
CVE-2023-38611
8.8 - High
- July 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.
The issue was addressed with improved checks
CVE-2023-38603
7.5 - High
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause a denial-of-service.
The issue was addressed with improved checks
CVE-2023-38600
8.8 - High
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.
The issue was addressed with improved checks
CVE-2023-38595
8.8 - High
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.
A logic issue was addressed with improved checks
CVE-2023-38593
5.5 - Medium
- July 27, 2023
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to cause a denial-of-service.
The issue was addressed with improved memory handling
CVE-2023-38580
7.8 - High
- July 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved memory handling
CVE-2023-38425
7.2 - High
- July 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved memory handling
CVE-2023-38424
7.8 - High
- July 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
A path handling issue was addressed with improved validation
CVE-2023-38565
7.8 - High
- July 27, 2023
A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to gain root privileges.
A use-after-free issue was addressed with improved memory management
CVE-2023-35993
7.8 - High
- July 27, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.
Dangling pointer
The issue was addressed with improved memory handling
CVE-2023-32734
7.8 - High
- July 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved checks
CVE-2023-38572
7.5 - High
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy.
The issue was addressed with improved checks
CVE-2023-38597
8.8 - High
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.
The issue was addressed with improved checks
CVE-2023-38594
8.8 - High
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.
The issue was addressed with improved checks
CVE-2023-38410
7.8 - High
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.
This issue was addressed with improved state management
CVE-2023-38606
5.5 - Medium
- July 27, 2023
This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
The issue was addressed with improved checks
CVE-2023-38133
6.5 - Medium
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information.
The issue was addressed with improved checks
CVE-2023-37450
8.8 - High
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
The issue was addressed with improvements to the file handling protocol
CVE-2023-32437
8.6 - High
- July 27, 2023
The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.
A use-after-free issue was addressed with improved memory management
CVE-2023-32433
7.8 - High
- July 27, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.
Dangling pointer
A use-after-free issue was addressed with improved memory management
CVE-2023-32381
7.8 - High
- July 27, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.
Dangling pointer
A denial-of-service issue was addressed with improved memory handling
CVE-2023-32385
5.5 - Medium
- June 23, 2023
A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination.
A buffer overflow was addressed with improved bounds checking
CVE-2023-32384
7.8 - High
- June 23, 2023
A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing an image may lead to arbitrary code execution.
Classic Buffer Overflow
The issue was addressed with additional permissions checks
CVE-2023-27940
6.3 - Medium
- June 23, 2023
The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, macOS Ventura 13.4. A sandboxed app may be able to observe system-wide network connections.
A type confusion issue was addressed with improved checks
CVE-2023-27930
7.8 - High
- June 23, 2023
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges.
Object Type Confusion
A logic issue was addressed with improved restrictions
CVE-2022-46718
5.5 - Medium
- June 23, 2023
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information.
A logic issue was addressed with improved checks
CVE-2022-46715
5.5 - Medium
- June 23, 2023
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences.
This issue was addressed with improved data protection
CVE-2022-42792
5.5 - Medium
- June 23, 2023
This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information.
A use-after-free issue was addressed with improved memory management
CVE-2023-32373
8.8 - High
- June 23, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Dangling pointer
An out-of-bounds read was addressed with improved input validation
CVE-2023-32372
5.5 - Medium
- June 23, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. Processing an image may result in disclosure of process memory.
Out-of-bounds Read
This issue was addressed with improved redaction of sensitive information
CVE-2023-28191
5.5 - Medium
- June 23, 2023
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.
A type confusion issue was addressed with improved checks
CVE-2023-32439
8.8 - High
- June 23, 2023
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Object Type Confusion
A memory corruption issue was addressed with improved state management
CVE-2023-32435
8.8 - High
- June 23, 2023
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
Memory Corruption
An integer overflow was addressed with improved input validation
CVE-2023-32434
7.8 - High
- June 23, 2023
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
Integer Overflow or Wraparound
A buffer overflow issue was addressed with improved memory handling
CVE-2023-32423
6.5 - Medium
- June 23, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.
Classic Buffer Overflow
This issue was addressed by adding additional SQLite logging restrictions
CVE-2023-32422
5.5 - Medium
- June 23, 2023
This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.
An out-of-bounds read was addressed with improved input validation
CVE-2023-32420
7.1 - High
- June 23, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to cause unexpected system termination or read kernel memory.
Out-of-bounds Read
The issue was addressed with improved bounds checks
CVE-2023-32419
9.8 - Critical
- June 23, 2023
The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution.
This issue was addressed with improved redaction of sensitive information
CVE-2023-32415
5.5 - Medium
- June 23, 2023
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.
A race condition was addressed with improved state handling
CVE-2023-32413
7 - High
- June 23, 2023
A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to gain root privileges.
Race Condition
A use-after-free issue was addressed with improved memory management
CVE-2023-32412
9.8 - Critical
- June 23, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.
Dangling pointer
This issue was addressed with improved entitlements
CVE-2023-32411
5.5 - Medium
- June 23, 2023
This issue was addressed with improved entitlements. This issue is fixed in tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.
An out-of-bounds read was addressed with improved input validation
CVE-2023-32410
5.5 - Medium
- June 23, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to leak sensitive kernel state.
Out-of-bounds Read
The issue was addressed with improved bounds checks
CVE-2023-32409
8.6 - High
- June 23, 2023
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
The issue was addressed with improved handling of caches
CVE-2023-32408
5.5 - Medium
- June 23, 2023
The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.
A logic issue was addressed with improved state management
CVE-2023-32407
5.5 - Medium
- June 23, 2023
A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.
This issue was addressed with improved entitlements
CVE-2023-32404
5.5 - Medium
- June 23, 2023
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.
This issue was addressed with improved redaction of sensitive information
CVE-2023-32403
5.5 - Medium
- June 23, 2023
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.
An out-of-bounds read was addressed with improved input validation
CVE-2023-32402
6.5 - Medium
- June 23, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.
Out-of-bounds Read
This issue was addressed with improved checks
CVE-2023-32400
5.5 - Medium
- June 23, 2023
This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.
The issue was addressed with improved handling of caches
CVE-2023-32399
5.5 - Medium
- June 23, 2023
The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.
A use-after-free issue was addressed with improved memory management
CVE-2023-32398
7.8 - High
- June 23, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to execute arbitrary code with kernel privileges.
Dangling pointer
A logic issue was addressed with improved state management
CVE-2023-32397
7.5 - High
- June 23, 2023
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.
The issue was addressed with improved checks
CVE-2023-32394
2.4 - Low
- June 23, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen.
Exposure of Resource to Wrong Sphere
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-32392
5.5 - Medium
- June 23, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.
Insertion of Sensitive Information into Log File
The issue was addressed with improved checks
CVE-2023-32391
4.6 - Medium
- June 23, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.5, iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.
The issue was addressed with improved checks
CVE-2023-32390
2.4 - Low
- June 23, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup.
This issue was addressed with improved redaction of sensitive information
CVE-2023-32389
5.5 - Medium
- June 23, 2023
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to disclose kernel memory.
An out-of-bounds read was addressed with improved input validation
CVE-2023-28204
6.5 - Medium
- June 23, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
Out-of-bounds Read
This issue was addressed with improved state management
CVE-2023-28202
5.5 - Medium
- June 23, 2023
This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app firewall setting may not take effect after exiting the Settings app.
This issue was addressed with improved entitlements
CVE-2023-32376
5.5 - Medium
- June 23, 2023
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.
The issue was addressed with improved checks
CVE-2023-32371
6.3 - Medium
- June 23, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox.
An out-of-bounds read was addressed with improved input validation
CVE-2023-32368
5.5 - Medium
- June 23, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing a 3D model may result in disclosure of process memory.
Out-of-bounds Read
This issue was addressed with improved entitlements
CVE-2023-32367
5.5 - Medium
- June 23, 2023
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data.
The issue was addressed with improved checks
CVE-2023-32365
2.4 - Low
- June 23, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, iOS 16.5 and iPadOS 16.5. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.
An authorization issue was addressed with improved state management
CVE-2023-32357
7.1 - High
- June 23, 2023
An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permission is revoked.
An out-of-bounds read was addressed with improved input validation
CVE-2023-32354
5.5 - Medium
- June 23, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. An app may be able to disclose kernel memory.
Out-of-bounds Read
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-32388
5.5 - Medium
- June 23, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.
A logic issue was addressed with improved checks
CVE-2023-32352
5.5 - Medium
- June 23, 2023
A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may bypass Gatekeeper checks.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-23537
5.5 - Medium
- May 08, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, watchOS 9.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information.
The issue was addressed with improved bounds checks
CVE-2023-23536
7.8 - High
- May 08, 2023
The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved memory handling
CVE-2023-23535
5.5 - Medium
- May 08, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.6, tvOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory.
This issue was addressed with improved checks
CVE-2023-23532
8.8 - High
- May 08, 2023
This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.6 and iPadOS 15.7.6. An app may be able to break out of its sandbox.
The issue was addressed with improved checks
CVE-2023-23527
5.5 - Medium
- May 08, 2023
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A user may gain access to protected parts of the file system.
This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder
CVE-2023-23526
9.8 - Critical
- May 08, 2023
This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper.
This issue was addressed with improved checks
CVE-2023-23525
7.8 - High
- May 08, 2023
This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. An app may be able to gain root privileges.
