Apple iOS: The iOS operating system used by iPhones.


By the Year

In 2023 there have been 179 vulnerabilities in Apple iOS, with an average score of 6.7 out of ten. Last year iOS had 242 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in iOS in 2023 could surpass last year's number. Last year, the average CVE base score was greater by 0.40.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2023 | 179 | 6.69 |
| 2022 | 242 | 7.09 |
| 2021 | 383 | 7.01 |
| 2020 | 252 | 7.09 |
| 2019 | 349 | 7.48 |
| 2018 | 100 | 7.39 |

It may take a day or so for new iOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Apple iOS Security Vulnerabilities

The issue was addressed with improved handling of caches

CVE-2023-41990 7.8 - High - September 12, 2023

The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

A privacy issue was addressed with improved private data redaction for log entries

CVE-2023-40442 3.3 - Low - September 12, 2023

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information.

Insertion of Sensitive Information into Log File

A buffer overflow issue was addressed with improved memory handling

CVE-2023-41064 7.8 - High - September 07, 2023

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Classic Buffer Overflow

A validation issue was addressed with improved logic

CVE-2023-41061 7.8 - High - September 07, 2023

A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

This issue was addressed with improved redaction of sensitive information

CVE-2023-38605 3.3 - Low - September 06, 2023

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user's current location.

A privacy issue was addressed with improved private data redaction for log entries

CVE-2023-40392 3.3 - Low - September 06, 2023

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information.

Insertion of Sensitive Information into Log File

A permissions issue was addressed with improved redaction of sensitive information

CVE-2023-34352 5.3 - Medium - September 06, 2023

A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails.

Incorrect Default Permissions

This issue was addressed with improved checks to prevent unauthorized actions

CVE-2023-32438 5.5 - Medium - September 06, 2023

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences.

A privacy issue was addressed with improved handling of temporary files

CVE-2023-32432 5.5 - Medium - September 06, 2023

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data.

This issue was addressed with improved file handling

CVE-2023-32428 7.8 - High - September 06, 2023

This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges.

The issue was addressed with improved memory handling

CVE-2023-32425 7.8 - High - September 06, 2023

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain elevated privileges.

A logic issue was addressed with improved state management

CVE-2023-28208 4.3 - Medium - September 06, 2023

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM.

An access issue was addressed with improvements to the sandbox

CVE-2022-22655 5.5 - Medium - August 14, 2023

An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. An app may be able to leak sensitive user information.

A type confusion issue was addressed with improved checks

CVE-2023-32358 8.8 - High - August 14, 2023

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.

Object Type Confusion

A use-after-free issue was addressed with improved memory management

CVE-2023-28198 8.8 - High - August 14, 2023

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.

Dangling pointer

The issue was addressed with improved bounds checks

CVE-2022-48503 8.8 - High - August 14, 2023

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.

A spoofing issue existed in the handling of URLs

CVE-2022-46725 4.3 - Medium - August 14, 2023

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.

This issue was addressed by restricting options offered on a locked device

CVE-2022-46724 2.4 - Low - August 14, 2023

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen.

An out-of-bounds write issue was addressed with improved input validation

CVE-2023-38604 9.8 - Critical - July 28, 2023

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A logic issue was addressed with improved state management

CVE-2023-38599 6.5 - Medium - July 28, 2023

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.

A use-after-free issue was addressed with improved memory management

CVE-2023-38598 9.8 - Critical - July 28, 2023

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

Dangling pointer

A logic issue was addressed with improved restrictions

CVE-2023-38592 8.8 - High - July 28, 2023

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.

A buffer overflow issue was addressed with improved memory handling

CVE-2023-38590 8.8 - High - July 28, 2023

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.

Classic Buffer Overflow

An out-of-bounds read was addressed with improved bounds checking

CVE-2023-37285 9.8 - Critical - July 28, 2023

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

Out-of-bounds Read

An integer overflow was addressed with improved input validation

CVE-2023-36495 9.8 - Critical - July 28, 2023

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

Integer Overflow or Wraparound

The issue was addressed with improved memory handling

CVE-2023-34425 9.8 - Critical - July 28, 2023

The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

This issue was addressed with improved checks

CVE-2023-32445 6.1 - Medium - July 28, 2023

This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.

XSS

The issue was addressed with improved memory handling

CVE-2023-32393 8.8 - High - July 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution.

A logic issue was addressed with improved restrictions

CVE-2023-32416 5.5 - Medium - July 27, 2023

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to read sensitive location information.

The issue was addressed with improved memory handling

CVE-2023-32441 7.8 - High - July 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved memory handling

CVE-2023-38611 8.8 - High - July 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.

The issue was addressed with improved checks

CVE-2023-38603 7.5 - High - July 27, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause a denial-of-service.

The issue was addressed with improved checks

CVE-2023-38600 8.8 - High - July 27, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.

The issue was addressed with improved checks

CVE-2023-38595 8.8 - High - July 27, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.

A logic issue was addressed with improved checks

CVE-2023-38593 5.5 - Medium - July 27, 2023

A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to cause a denial-of-service.

The issue was addressed with improved memory handling

CVE-2023-38580 7.8 - High - July 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved memory handling

CVE-2023-38425 7.2 - High - July 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved memory handling

CVE-2023-38424 7.8 - High - July 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved memory handling

CVE-2023-38261 7.8 - High - July 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.

A path handling issue was addressed with improved validation

CVE-2023-38565 7.8 - High - July 27, 2023

A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to gain root privileges.

The issue was addressed with improved memory handling

CVE-2023-38136 7.8 - High - July 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.

A use-after-free issue was addressed with improved memory management

CVE-2023-35993 7.8 - High - July 27, 2023

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.

Dangling pointer

The issue was addressed with improved memory handling

CVE-2023-32734 7.8 - High - July 27, 2023

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved checks

CVE-2023-38572 7.5 - High - July 27, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy.

The issue was addressed with improvements to the file handling protocol

CVE-2023-32437 8.6 - High - July 27, 2023

The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.

The issue was addressed with improved checks

CVE-2023-37450 8.8 - High - July 27, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

The issue was addressed with improved checks

CVE-2023-38133 6.5 - Medium - July 27, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information.

This issue was addressed with improved state management

CVE-2023-38606 5.5 - Medium - July 27, 2023

This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

The issue was addressed with improved checks

CVE-2023-38410 7.8 - High - July 27, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.

The issue was addressed with improved checks

CVE-2023-38594 8.8 - High - July 27, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.

The issue was addressed with improved checks

CVE-2023-38597 8.8 - High - July 27, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

A use-after-free issue was addressed with improved memory management

CVE-2023-32433 7.8 - High - July 27, 2023

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.

Dangling pointer

A use-after-free issue was addressed with improved memory management

CVE-2023-32381 7.8 - High - July 27, 2023

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.

Dangling pointer

A logic issue was addressed with improved checks

CVE-2023-32352 5.5 - Medium - June 23, 2023

A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may bypass Gatekeeper checks.

A denial-of-service issue was addressed with improved memory handling

CVE-2023-32385 5.5 - Medium - June 23, 2023

A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination.

A buffer overflow was addressed with improved bounds checking

CVE-2023-32384 7.8 - High - June 23, 2023

A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing an image may lead to arbitrary code execution.

Classic Buffer Overflow

The issue was addressed with additional permissions checks

CVE-2023-27940 6.3 - Medium - June 23, 2023

The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, macOS Ventura 13.4. A sandboxed app may be able to observe system-wide network connections.

A type confusion issue was addressed with improved checks

CVE-2023-27930 7.8 - High - June 23, 2023

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges.

Object Type Confusion

A logic issue was addressed with improved restrictions

CVE-2022-46718 5.5 - Medium - June 23, 2023

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information.

A logic issue was addressed with improved checks

CVE-2022-46715 5.5 - Medium - June 23, 2023

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences.

This issue was addressed with improved data protection

CVE-2022-42792 5.5 - Medium - June 23, 2023

This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information.

A use-after-free issue was addressed with improved memory management

CVE-2023-32373 8.8 - High - June 23, 2023

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Dangling pointer

An out-of-bounds read was addressed with improved input validation

CVE-2023-32372 5.5 - Medium - June 23, 2023

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. Processing an image may result in disclosure of process memory.

Out-of-bounds Read

This issue was addressed with improved redaction of sensitive information

CVE-2023-28191 5.5 - Medium - June 23, 2023

This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.

A type confusion issue was addressed with improved checks

CVE-2023-32439 8.8 - High - June 23, 2023

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Object Type Confusion

A memory corruption issue was addressed with improved state management

CVE-2023-32435 8.8 - High - June 23, 2023

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

Memory Corruption

An integer overflow was addressed with improved input validation

CVE-2023-32434 7.8 - High - June 23, 2023

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

Integer Overflow or Wraparound

A buffer overflow issue was addressed with improved memory handling

CVE-2023-32423 6.5 - Medium - June 23, 2023

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.

Classic Buffer Overflow

This issue was addressed by adding additional SQLite logging restrictions

CVE-2023-32422 5.5 - Medium - June 23, 2023

This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.

An out-of-bounds read was addressed with improved input validation

CVE-2023-32420 7.1 - High - June 23, 2023

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to cause unexpected system termination or read kernel memory.

Out-of-bounds Read

The issue was addressed with improved bounds checks

CVE-2023-32419 9.8 - Critical - June 23, 2023

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution.

This issue was addressed with improved redaction of sensitive information

CVE-2023-32415 5.5 - Medium - June 23, 2023

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.

A race condition was addressed with improved state handling

CVE-2023-32413 7 - High - June 23, 2023

A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to gain root privileges.

Race Condition

A use-after-free issue was addressed with improved memory management

CVE-2023-32412 9.8 - Critical - June 23, 2023

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.

Dangling pointer

This issue was addressed with improved entitlements

CVE-2023-32411 5.5 - Medium - June 23, 2023

This issue was addressed with improved entitlements. This issue is fixed in tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.

An out-of-bounds read was addressed with improved input validation

CVE-2023-32410 5.5 - Medium - June 23, 2023

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to leak sensitive kernel state.

Out-of-bounds Read

The issue was addressed with improved bounds checks

CVE-2023-32409 8.6 - High - June 23, 2023

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.

The issue was addressed with improved handling of caches

CVE-2023-32408 5.5 - Medium - June 23, 2023

The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.

This issue was addressed with improved entitlements

CVE-2023-32404 5.5 - Medium - June 23, 2023

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.

A privacy issue was addressed with improved private data redaction for log entries

CVE-2023-32388 5.5 - Medium - June 23, 2023

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.

An out-of-bounds read was addressed with improved input validation

CVE-2023-32354 5.5 - Medium - June 23, 2023

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. An app may be able to disclose kernel memory.

Out-of-bounds Read

An authorization issue was addressed with improved state management

CVE-2023-32357 7.1 - High - June 23, 2023

An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permission is revoked.

The issue was addressed with improved checks

CVE-2023-32365 2.4 - Low - June 23, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, iOS 16.5 and iPadOS 16.5. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.

This issue was addressed with improved entitlements

CVE-2023-32367 5.5 - Medium - June 23, 2023

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data.

An out-of-bounds read was addressed with improved input validation

CVE-2023-32368 5.5 - Medium - June 23, 2023

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing a 3D model may result in disclosure of process memory.

Out-of-bounds Read

The issue was addressed with improved checks

CVE-2023-32371 6.3 - Medium - June 23, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox.

This issue was addressed with improved entitlements

CVE-2023-32376 5.5 - Medium - June 23, 2023

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.

This issue was addressed with improved state management

CVE-2023-28202 5.5 - Medium - June 23, 2023

This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app firewall setting may not take effect after exiting the Settings app.

An out-of-bounds read was addressed with improved input validation

CVE-2023-28204 6.5 - Medium - June 23, 2023

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.

Out-of-bounds Read

This issue was addressed with improved redaction of sensitive information

CVE-2023-32389 5.5 - Medium - June 23, 2023

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to disclose kernel memory.

The issue was addressed with improved checks

CVE-2023-32391 4.6 - Medium - June 23, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.5, iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.

A logic issue was addressed with improved state management

CVE-2023-32407 5.5 - Medium - June 23, 2023

A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.

This issue was addressed with improved redaction of sensitive information

CVE-2023-32403 5.5 - Medium - June 23, 2023

This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.

An out-of-bounds read was addressed with improved input validation

CVE-2023-32402 6.5 - Medium - June 23, 2023

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.

Out-of-bounds Read

This issue was addressed with improved checks

CVE-2023-32400 5.5 - Medium - June 23, 2023

This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.

The issue was addressed with improved handling of caches

CVE-2023-32399 5.5 - Medium - June 23, 2023

The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.

A logic issue was addressed with improved state management

CVE-2023-32397 7.5 - High - June 23, 2023

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.

A use-after-free issue was addressed with improved memory management

CVE-2023-32398 7.8 - High - June 23, 2023

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to execute arbitrary code with kernel privileges.

Dangling pointer

The issue was addressed with improved checks

CVE-2023-32390 2.4 - Low - June 23, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup.

The issue was addressed with improved checks

CVE-2023-32394 2.4 - Low - June 23, 2023

The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen.

Exposure of Resource to Wrong Sphere
