iOS Apple iOS The iOS Operating System used by iPhones.

  1. Vendors
  2. Apple
  3. iOS
Do you want an email whenever new security vulnerabilities are reported in Apple iOS?

By the Year

In 2021 there have been 89 vulnerabilities in Apple iOS with an average score of 7.3 out of ten. Last year iOS had 233 security vulnerabilities published. Right now, iOS is on track to have less security vulnerabilities in 2021 than it did last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.18.

Year Vulnerabilities Average Score
2021 89 7.30
2020 233 7.12
2019 346 7.51
2018 98 7.37

It may take a day or so for new iOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apple iOS Security Vulnerabilities

An out-of-bounds read was addressed with improved input validation

CVE-2021-1794 9.8 - Critical - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.

Out-of-bounds Read

An out-of-bounds write was addressed with improved input validation

CVE-2021-1795 9.8 - Critical - April 02, 2021

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.

Memory Corruption

An out-of-bounds write was addressed with improved input validation

CVE-2021-1796 9.8 - Critical - April 02, 2021

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.

Memory Corruption

A memory corruption issue was addressed with improved validation

CVE-2021-1844 8.8 - High - April 02, 2021

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Buffer Overflow

A logic issue was addressed with improved state management

CVE-2021-1818 9.8 - Critical - April 02, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

This issue was addressed by improved management of object lifetimes

CVE-2021-1879 6.1 - Medium - April 02, 2021

This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..

XSS

This issue was addressed by improved management of object lifetimes

CVE-2021-1879 6.1 - Medium - April 02, 2021

This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..

XSS

A logic issue was addressed with improved restrictions

CVE-2021-1870 9.8 - Critical - April 02, 2021

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

A logic issue was addressed with improved restrictions

CVE-2021-1871 9.8 - Critical - April 02, 2021

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-1753 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Read

This issue was addressed with improved checks

CVE-2021-1761 7.5 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.

This issue was addressed with improved checks

CVE-2021-1793 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

The issue was addressed with improved permissions logic

CVE-2021-1797 5.5 - Medium - April 02, 2021

The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files.

A port redirection issue was addressed with additional port validation

CVE-2021-1799 6.5 - Medium - April 02, 2021

A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.

This issue was addressed with improved iframe sandbox enforcement

CVE-2021-1801 6.5 - Medium - April 02, 2021

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.

A use after free issue was addressed with improved memory management

CVE-2020-27920 8.8 - High - April 02, 2021

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing maliciously crafted web content may lead to code execution.

Dangling pointer

A logic issue was addressed with improved state management

CVE-2020-27922 7.8 - High - April 02, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted font file may lead to arbitrary code execution.

An out-of-bounds write was addressed with improved input validation

CVE-2020-27923 7.8 - High - April 02, 2021

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution.

Memory Corruption

An out-of-bounds read was addressed with improved input validation

CVE-2020-27924 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Read

A memory corruption issue existed in the processing of font files

CVE-2020-27931 7.8 - High - April 02, 2021

A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution.

Buffer Overflow

A use after free issue was addressed with improved memory management

CVE-2020-27899 7.8 - High - April 02, 2021

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges.

Dangling pointer

An out-of-bounds read was addressed with improved input validation

CVE-2020-27908 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted audio file may lead to arbitrary code execution.

Out-of-bounds Read

Multiple issues were addressed with improved logic

CVE-2020-27935 6.3 - Medium - April 02, 2021

Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions.

A memory corruption issue existed in the processing of font files

CVE-2020-27943 7.8 - High - April 02, 2021

A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in tvOS 14.3, iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.2. Processing a maliciously crafted font file may lead to arbitrary code execution.

Buffer Overflow

A memory corruption issue existed in the processing of font files

CVE-2020-27944 7.8 - High - April 02, 2021

A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution.

Buffer Overflow

This issue was addressed with improved checks

CVE-2020-27951 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation.

This issue was addressed with improved checks

CVE-2020-27951 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation.

An out-of-bounds read was addressed with improved input validation

CVE-2020-29618 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Read

An out-of-bounds read was addressed with improved input validation

CVE-2020-29619 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption.

Out-of-bounds Read

A memory corruption issue existed in the processing of font files

CVE-2020-29624 7.8 - High - April 02, 2021

A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution.

Buffer Overflow

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2020-9955 7.8 - High - April 02, 2021

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution.

Memory Corruption

A use after free issue was addressed with improved memory management

CVE-2020-9975 7.8 - High - April 02, 2021

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.

Dangling pointer

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-1743 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Read

An out-of-bounds read was addressed with improved input validation

CVE-2020-29615 5.5 - Medium - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted image may lead to a denial of service.

Out-of-bounds Read

This issue was addressed with improved setting propagation

CVE-2020-9978 4.5 - Medium - April 02, 2021

This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network position may be able to unexpectedly alter application state.

This issue was addressed with improved checks

CVE-2021-1742 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2020-27948 7.8 - High - April 02, 2021

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may lead to arbitrary code execution.

Memory Corruption

An out-of-bounds read was addressed with improved bounds checking

CVE-2020-29608 5.5 - Medium - April 02, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, watchOS 7.2. A remote attacker may be able to leak memory.

Out-of-bounds Read

A logic issue was addressed with improved state management

CVE-2020-29613 5.5 - Medium - April 02, 2021

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain.

An out-of-bounds read was addressed with improved input validation

CVE-2020-29639 5.5 - Medium - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font may result in the disclosure of process memory.

Out-of-bounds Read

A buffer overflow was addressed with improved size validation

CVE-2020-9962 7.8 - High - April 02, 2021

A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted image may lead to arbitrary code execution.

Classic Buffer Overflow

A logic issue was addressed with improved validation

CVE-2020-9971 7.8 - High - April 02, 2021

A logic issue was addressed with improved validation. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. A malicious application may be able to elevate privileges.

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-1741 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Read

An information disclosure issue was addressed with improved state management

CVE-2020-27946 5.5 - Medium - April 02, 2021

An information disclosure issue was addressed with improved state management. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font may result in the disclosure of process memory.

Information Disclosure

An out-of-bounds read was addressed with improved input validation

CVE-2020-29610 5.5 - Medium - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may disclose restricted memory.

Out-of-bounds Read

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2020-29611 7.8 - High - April 02, 2021

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution.

Memory Corruption

This issue was addressed with improved checks

CVE-2020-29614 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted file may lead to heap corruption.

An out-of-bounds read was addressed with improved input validation

CVE-2020-29617 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption.

Out-of-bounds Read

"Clear History and Website Data" did not clear the history

CVE-2020-29623 3.3 - Low - April 02, 2021

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.

An out-of-bounds read was addressed with improved input validation

CVE-2020-9956 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution.

Out-of-bounds Read

An out-of-bounds read was addressed with improved input validation

CVE-2020-9960 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted audio file may lead to arbitrary code execution.

Out-of-bounds Read

Multiple memory corruption issues were addressed with improved input validation

CVE-2020-9967 7.8 - High - April 02, 2021

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

Buffer Overflow

A use after free issue was addressed with improved memory management

CVE-2020-9926 7.8 - High - April 02, 2021

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.

Dangling pointer

This issue was addressed with improved checks

CVE-2021-1746 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

An out-of-bounds write was addressed with improved input validation

CVE-2021-1747 7.8 - High - April 02, 2021

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing maliciously crafted web content may lead to code execution.

Memory Corruption

A validation issue was addressed with improved input sanitization

CVE-2021-1748 8.8 - High - April 02, 2021

A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.

Improper Input Validation

This issue was addressed with improved checks

CVE-2021-1754 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-1757 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.

Out-of-bounds Read

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-1768 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

Out-of-bounds Read

A logic issue was addressed with improved validation

CVE-2021-1769 5.5 - Medium - April 02, 2021

A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

A use after free issue was addressed with improved memory management

CVE-2021-1764 7.5 - High - April 02, 2021

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.

Dangling pointer

This issue was addressed with improved checks

CVE-2021-1766 5.5 - Medium - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.

A memory corruption issue was addressed with improved input validation

CVE-2020-27933 7.8 - High - April 02, 2021

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution.

Buffer Overflow

Multiple issues were addressed with improved logic

CVE-2021-1750 7.8 - High - April 02, 2021

Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. An application may be able to execute arbitrary code with kernel privileges.

Improper Privilege Management

A logic issue was addressed with improved state management

CVE-2021-1773 5.5 - Medium - April 02, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.

This issue was addressed with improved checks

CVE-2021-1774 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2021-1776 7.8 - High - April 02, 2021

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted font file may lead to arbitrary code execution.

Memory Corruption

This issue was addressed with improved checks

CVE-2021-1777 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

An out-of-bounds read issue existed in the curl

CVE-2021-1778 5.5 - Medium - April 02, 2021

An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.

Out-of-bounds Read

A memory initialization issue was addressed with improved memory handling

CVE-2021-1780 4.4 - Medium - April 02, 2021

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker in a privileged position may be able to perform a denial of service attack.

Improper Initialization

A lock screen issue allowed access to contacts on a locked device

CVE-2021-1756 2.4 - Low - April 02, 2021

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker with physical access to a device may be able to see private contact information.

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-1758 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.

Out-of-bounds Read

An out-of-bounds read was addressed with improved input validation

CVE-2021-1759 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Read

A memory corruption issue was addressed with improved state management

CVE-2021-1760 5.5 - Medium - April 02, 2021

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application could execute arbitrary code leading to compromise of user information.

Buffer Overflow

A buffer overflow was addressed with improved bounds checking

CVE-2021-1763 7.8 - High - April 02, 2021

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

Classic Buffer Overflow

This issue was addressed with improved checks

CVE-2021-1767 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to heap corruption.

Buffer Overflow

A privacy issue existed in the handling of Contact cards

CVE-2021-1781 5.5 - Medium - April 02, 2021

A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A malicious application may be able to leak sensitive user information.

A race condition was addressed with improved locking

CVE-2021-1782 7 - High - April 02, 2021

A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited..

Improper Privilege Management

An access issue was addressed with improved memory management

CVE-2021-1783 7.8 - High - April 02, 2021

An access issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

An out-of-bounds read was addressed with improved input validation

CVE-2021-1785 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Read

A stack overflow was addressed with improved input validation

CVE-2021-1772 7.8 - High - April 02, 2021

A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution.

Memory Corruption

A logic issue was addressed with improved state management

CVE-2021-1786 5.5 - Medium - April 02, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to create or modify system files.

Multiple issues were addressed with improved logic

CVE-2021-1787 7.8 - High - April 02, 2021

Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.

Improper Privilege Management

A use after free issue was addressed with improved memory management

CVE-2021-1788 8.8 - High - April 02, 2021

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Dangling pointer

A type confusion issue was addressed with improved state handling

CVE-2021-1789 8.8 - High - April 02, 2021

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Object Type Confusion

An out-of-bounds read issue existed that led to the disclosure of kernel memory

CVE-2021-1791 5.5 - Medium - April 02, 2021

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory.

Out-of-bounds Read

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-1792 8.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.

Out-of-bounds Read

An out-of-bounds write was addressed with improved input validation

CVE-2021-1744 7.8 - High - April 02, 2021

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Memory Corruption

An out-of-bounds read was addressed with improved input validation

CVE-2021-1745 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

Out-of-bounds Read

In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages

CVE-2020-7463 5.5 - Medium - March 26, 2021

In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.

Dangling pointer

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate

CVE-2021-23841 5.9 - Medium - February 16, 2021

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Integer Overflow or Wraparound

This issue was addressed with improved checks

CVE-2020-9991 7.5 - High - December 08, 2020

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.

A use after free issue was addressed with improved memory management

CVE-2020-27918 7.8 - High - December 08, 2020

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

Dangling pointer

An out-of-bounds write was addressed with improved input validation

CVE-2020-10017 7.8 - High - December 08, 2020

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.

Memory Corruption

An authentication issue was addressed with improved state management

CVE-2020-27902 4.6 - Medium - December 08, 2020

An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2. A person with physical access to an iOS device may be able to access stored passwords without authentication.

authentification

A memory corruption issue was addressed with improved state management

CVE-2020-27905 7.8 - High - December 08, 2020

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to execute arbitrary code with system privileges.

An out-of-bounds read was addressed with improved input validation

CVE-2020-27909 7.8 - High - December 08, 2020

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.

Out-of-bounds Read

An out-of-bounds read was addressed with improved input validation

CVE-2020-27910 7.8 - High - December 08, 2020

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.

Out-of-bounds Read

An integer overflow was addressed through improved input validation

CVE-2020-27911 7.8 - High - December 08, 2020

An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

Integer Overflow or Wraparound

An out-of-bounds write was addressed with improved input validation

CVE-2020-27912 7.8 - High - December 08, 2020

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.

Memory Corruption

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Apple Watch OS or by Apple? Click the Watch button to subscribe.

Apple
Vendor

Apple iOS
The iOS Operating System used by iPhones.

subscribe