Apple iOS The iOS Operating System used by iPhones.
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apple iOS.
Recent Apple iOS Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 122404 | iOS 18.5 and iPadOS 18.5 - Apple Security Content | May 12, 2025 |
| 122282 | iOS 18.4.1 and iPadOS 18.4.1 - Apple Security Content | April 16, 2025 |
| 122345 | iOS 15.8.4 and iPadOS 15.8.4 - Apple Security Content | March 31, 2025 |
| 122346 | iOS 16.7.11 and iPadOS 16.7.11 - Apple Security Content | March 31, 2025 |
| 122371 | iOS 18.4 and iPadOS 18.4 - Apple Security Content | March 31, 2025 |
| 122281 | iOS 18.3.2 and iPadOS 18.3.2 - Apple Security Content | March 11, 2025 |
| 122174 | iOS 18.3.1 and iPadOS 18.3.1 - Apple Security Content | February 10, 2025 |
| 122066 | iOS 18.3 and iPadOS 18.3 - Apple Security Content | January 27, 2025 |
| 121837 | iOS 18.2 and iPadOS 18.2 - Apple Security Content | December 11, 2024 |
| 121754 | iOS 17.7.2 and iPadOS 17.7.2 - Apple Security Content | November 19, 2024 |
Known Exploited Apple iOS Vulnerabilities
The following Apple iOS vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Apple iOS Type Confusion Vulnerability |
Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution. CVE-2022-42856 Exploit Probability: 0.2% |
December 14, 2022 |
| Apple iOS Information Disclosure Vulnerability |
The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. CVE-2016-4655 Exploit Probability: 82.5% |
May 24, 2022 |
| Apple iOS Memory Corruption Vulnerability |
A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service via a crafted application. CVE-2016-4656 Exploit Probability: 69.0% |
May 24, 2022 |
| Apple iOS Webkit Memory Corruption Vulnerability |
WebKit in Apple iOS contains a memory corruption vulnerability which allows attackers to execute remote code or cause a denial-of-service via a crafted web site. CVE-2016-4657 Exploit Probability: 76.4% |
May 24, 2022 |
| Apple iOS Memory Corruption Vulnerability |
Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution. CVE-2019-7287 Exploit Probability: 4.1% |
May 23, 2022 |
| Apple iOS "FORCEDENTRY" Remote Code Execution Vulnerability |
An integer overflow was addressed with improved input validation vulnerability affecting iOS devices that allows for remote code execution. CVE-2021-30860 Exploit Probability: 69.4% |
November 3, 2021 |
| Apple WebKit Browser Engine Use-After-Free Vulnerability |
Use after free issue. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30762 Exploit Probability: 0.1% |
November 3, 2021 |
| Apple iOS Privilege Escalation and Code Execution Chain |
A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1782 Exploit Probability: 6.1% |
November 3, 2021 |
| Apple iOS Privilege Escalation and Code Execution Chain |
A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1870 Exploit Probability: 0.6% |
November 3, 2021 |
| Apple iOS Privilege Escalation and Code Execution Chain |
A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1871 Exploit Probability: 1.0% |
November 3, 2021 |
| Apple iOS Webkit Browser Engine XSS |
Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1879 Exploit Probability: 2.0% |
November 3, 2021 |
| Apple iOS Webkit Storage Use-After-Free Remote Code Execution Vulnerability |
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30661 Exploit Probability: 0.2% |
November 3, 2021 |
| Apple iOS12.x Buffer Overflow |
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30666 Exploit Probability: 0.9% |
November 3, 2021 |
| Apple WebKit Browser Engine Memory Corruption Vulnerability |
Memory corruption issue. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30761 Exploit Probability: 0.4% |
November 3, 2021 |
The vulnerability CVE-2016-4655: Apple iOS Information Disclosure Vulnerability is in the top 1% of the currently known exploitable vulnerabilities. 3 known exploited Apple iOS vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Apple iOS EOL Dates
Ensure that you are using a supported version of Apple iOS. Here are some end of life, and end of support dates for Apple iOS.
| Release | EOL Date | Status |
|---|---|---|
| 18 | - |
Active
|
| 18 | - |
Active
|
| 17 | November 19, 2024 |
EOL
Apple iOS 17 became EOL in 2024 and supported ended in 2024 |
| 17 | November 19, 2024 |
EOL
Apple iOS 17 became EOL in 2024 and supported ended in 2024 |
| 16 | March 31, 2025 |
EOL
Apple iOS 16 became EOL in 2025 and supported ended in 2023 |
| 16 | March 31, 2025 |
EOL
Apple iOS 16 became EOL in 2025 and supported ended in 2023 |
| 15 | March 31, 2025 |
EOL
Apple iOS 15 became EOL in 2025 and supported ended in 2022 |
| 15 | March 31, 2025 |
EOL
Apple iOS 15 became EOL in 2025 and supported ended in 2022 |
| 14 | October 1, 2021 |
EOL
Apple iOS 14 became EOL in 2021 and supported ended in 2021 |
| 14 | October 1, 2021 |
EOL
Apple iOS 14 became EOL in 2021 and supported ended in 2021 |
| 13 | September 16, 2020 |
EOL
Apple iOS 13 became EOL in 2020 and supported ended in 2020 |
| 13 | September 16, 2020 |
EOL
Apple iOS 13 became EOL in 2020 and supported ended in 2020 |
| 12 | January 23, 2023 |
EOL
Apple iOS 12 became EOL in 2023 and supported ended in 2019 |
| 12 | January 23, 2023 |
EOL
Apple iOS 12 became EOL in 2023 and supported ended in 2019 |
| 11 | October 8, 2018 |
EOL
Apple iOS 11 became EOL in 2018 and supported ended in 2018 |
| 11 | October 8, 2018 |
EOL
Apple iOS 11 became EOL in 2018 and supported ended in 2018 |
| 10 | September 26, 2017 |
EOL
Apple iOS 10 became EOL in 2017 and supported ended in 2017 |
| 10 | September 26, 2017 |
EOL
Apple iOS 10 became EOL in 2017 and supported ended in 2017 |
| 9 | September 13, 2016 |
EOL
Apple iOS 9 became EOL in 2016 and supported ended in 2016 |
| 9 | September 13, 2016 |
EOL
Apple iOS 9 became EOL in 2016 and supported ended in 2016 |
By the Year
In 2025 there have been 188 vulnerabilities in Apple iOS with an average score of 6.4 out of ten. Last year, in 2024 iOS had 321 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in iOS in 2025 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.43.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 188 | 6.40 |
| 2024 | 321 | 5.97 |
| 2023 | 270 | 6.57 |
| 2022 | 244 | 7.09 |
| 2021 | 383 | 7.01 |
| 2020 | 252 | 7.09 |
| 2019 | 350 | 7.48 |
| 2018 | 100 | 7.39 |
It may take a day or so for new iOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple iOS Security Vulnerabilities
This issue was addressed with improved checks
CVE-2025-43200
- June 16, 2025
This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
This issue was addressed through improved state management
CVE-2025-30466
- May 29, 2025
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. A website may be able to bypass Same Origin Policy.
A logging issue was addressed with improved data redaction
CVE-2025-31199
- May 29, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
The issue was addressed with improved memory handling
CVE-2025-24184
- May 19, 2025
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to cause unexpected system termination.
The issue was addressed with improved checks
CVE-2025-24189
- May 19, 2025
The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to memory corruption.
A logic issue was addressed with improved checks
CVE-2025-31185
- May 19, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication.
A permissions issue was addressed with additional restrictions
CVE-2025-31262
- May 19, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to modify protected parts of the file system.
This issue was addressed through improved state management
CVE-2025-31214
- May 12, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic.
The issue was addressed with improved input sanitization
CVE-2025-31251
- May 12, 2025
The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
A privacy issue was addressed by removing sensitive data
CVE-2025-31225
- May 12, 2025
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps may still appear in spotlight search results.
This issue was addressed through improved state management
CVE-2025-31212
- May 12, 2025
This issue was addressed through improved state management. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. An app may be able to access sensitive user data.
The issue was addressed with improved checks
CVE-2025-31208
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.
An out-of-bounds read was addressed with improved bounds checking
CVE-2025-31209
- May 12, 2025
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to disclosure of user information.
A use-after-free issue was addressed with improved memory management
CVE-2025-31239
- May 12, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.
The issue was addressed with improved input sanitization
CVE-2025-31233
- May 12, 2025
The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.
This issue was addressed through improved state management
CVE-2025-31253
- May 12, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio being silenced.
The issue was addressed with improved UI
CVE-2025-31210
- May 12, 2025
The issue was addressed with improved UI. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing web content may lead to a denial-of-service.
A logic issue was addressed with improved checks
CVE-2025-31207
- May 12, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps.
This issue was addressed with additional entitlement checks
CVE-2025-30448
- May 12, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia 15.4. An attacker may be able to turn on sharing of an iCloud folder without authentication.
A logic issue was addressed with improved checks
CVE-2025-31226
- May 12, 2025
A logic issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. Processing a maliciously crafted image may lead to a denial-of-service.
The issue was addressed with improved memory handling
CVE-2025-31219
- May 12, 2025
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
A double free issue was addressed with improved memory management
CVE-2025-31241
- May 12, 2025
A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination.
An injection issue was addressed with improved input validation
CVE-2025-24225
- May 12, 2025
An injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing an email may lead to user interface spoofing.
A correctness issue was addressed with improved checks
CVE-2025-31222
- May 12, 2025
A correctness issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A user may be able to elevate privileges.
The issue was addressed with improved authentication
CVE-2025-31228
- May 12, 2025
The issue was addressed with improved authentication. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access notes from the lock screen.
A logic issue was addressed with improved checks
CVE-2025-31227
- May 12, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access a deleted call recording.
The issue was addressed with improved checks
CVE-2025-31245
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination.
An integer overflow was addressed with improved input validation
CVE-2025-31221
- May 12, 2025
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may be able to leak memory.
A memory corruption issue was addressed with improved state management
CVE-2025-24111
- May 12, 2025
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.
An information disclosure issue was addressed by removing the vulnerable code
CVE-2025-24144
- May 12, 2025
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.6, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Ventura 13.7.6, iOS 18.3 and iPadOS 18.3, tvOS 18.3. An app may be able to leak sensitive kernel state.
This issue was addressed by restricting options offered on a locked device
CVE-2025-30436
- May 12, 2025
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls.
A permissions issue was addressed with additional restrictions
CVE-2025-24220
- May 12, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4. An app may be able to read a persistent device identifier.
The issue was addressed with improved input sanitization
CVE-2025-31234
- May 12, 2025
The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
This issue was addressed with improved memory handling
CVE-2025-31257
- May 12, 2025
This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
The issue was addressed with improved checks
CVE-2025-31205
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin.
A type confusion issue was addressed with improved state handling
CVE-2025-31206
- May 12, 2025
A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
The issue was addressed with improved input validation
CVE-2025-31217
- May 12, 2025
The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
The issue was addressed with improved checks
CVE-2025-31223
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
The issue was addressed with improved checks
CVE-2025-31238
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
The issue was addressed with improved memory handling
CVE-2025-24223
- May 12, 2025
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
The issue was addressed with improved memory handling
CVE-2025-31204
- May 12, 2025
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
The issue was addressed with improved checks
CVE-2025-31215
- May 12, 2025
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected process crash.
An app could impersonate system notifications
CVE-2025-24091
- April 30, 2025
An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.
An integer overflow was addressed with improved input validation
CVE-2025-31203
- April 29, 2025
An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.
This issue was addressed by removing the vulnerable code
CVE-2025-24270
- April 29, 2025
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to leak sensitive user information.
A null pointer dereference was addressed with improved input validation
CVE-2025-24179
- April 29, 2025
A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, visionOS 2.3, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Sequoia 15.3, tvOS 18.3. An attacker on the local network may be able to cause a denial-of-service.
An access issue was addressed with improved access restrictions
CVE-2025-24271
- April 29, 2025
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without pairing.
The issue was addressed with improved checks
CVE-2025-24251
- April 29, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.
A use-after-free issue was addressed with improved memory management
CVE-2025-24252
- April 29, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.
An authentication issue was addressed with improved state management
CVE-2025-24206
- April 29, 2025
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy.
