Apple iOS The iOS Operating System used by iPhones.
By the Year
In 2023 there have been 179 vulnerabilities in Apple iOS with an average score of 6.7 out of ten. Last year iOS had 242 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in iOS in 2023 could surpass last years number. Last year, the average CVE base score was greater by 0.40
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 179 | 6.69 |
| 2022 | 242 | 7.09 |
| 2021 | 383 | 7.01 |
| 2020 | 252 | 7.09 |
| 2019 | 349 | 7.48 |
| 2018 | 100 | 7.39 |
It may take a day or so for new iOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple iOS Security Vulnerabilities
The issue was addressed with improved handling of caches
CVE-2023-41990
7.8 - High
- September 12, 2023
The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-40442
3.3 - Low
- September 12, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information.
Insertion of Sensitive Information into Log File
A buffer overflow issue was addressed with improved memory handling
CVE-2023-41064
7.8 - High
- September 07, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Classic Buffer Overflow
A validation issue was addressed with improved logic
CVE-2023-41061
7.8 - High
- September 07, 2023
A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
This issue was addressed with improved redaction of sensitive information
CVE-2023-38605
3.3 - Low
- September 06, 2023
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a users current location.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-40392
3.3 - Low
- September 06, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information.
Insertion of Sensitive Information into Log File
A permissions issue was addressed with improved redaction of sensitive information
CVE-2023-34352
5.3 - Medium
- September 06, 2023
A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails.
Incorrect Default Permissions
This issue was addressed with improved checks to prevent unauthorized actions
CVE-2023-32438
5.5 - Medium
- September 06, 2023
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences.
A privacy issue was addressed with improved handling of temporary files
CVE-2023-32432
5.5 - Medium
- September 06, 2023
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data.
This issue was addressed with improved file handling
CVE-2023-32428
7.8 - High
- September 06, 2023
This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges.
The issue was addressed with improved memory handling
CVE-2023-32425
7.8 - High
- September 06, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain elevated privileges.
A logic issue was addressed with improved state management
CVE-2023-28208
4.3 - Medium
- September 06, 2023
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM.
An access issue was addressed with improvements to the sandbox
CVE-2022-22655
5.5 - Medium
- August 14, 2023
An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. An app may be able to leak sensitive user information.
A type confusion issue was addressed with improved checks
CVE-2023-32358
8.8 - High
- August 14, 2023
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.
Object Type Confusion
A use-after-free issue was addressed with improved memory management
CVE-2023-28198
8.8 - High
- August 14, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.
Dangling pointer
The issue was addressed with improved bounds checks
CVE-2022-48503
8.8 - High
- August 14, 2023
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.
A spoofing issue existed in the handling of URLs
CVE-2022-46725
4.3 - Medium
- August 14, 2023
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.
This issue was addressed by restricting options offered on a locked device
CVE-2022-46724
2.4 - Low
- August 14, 2023
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen.
An out-of-bounds write issue was addressed with improved input validation
CVE-2023-38604
9.8 - Critical
- July 28, 2023
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A logic issue was addressed with improved state management
CVE-2023-38599
6.5 - Medium
- July 28, 2023
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.
A use-after-free issue was addressed with improved memory management
CVE-2023-38598
9.8 - Critical
- July 28, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
Dangling pointer
A logic issue was addressed with improved restrictions
CVE-2023-38592
8.8 - High
- July 28, 2023
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.
A buffer overflow issue was addressed with improved memory handling
CVE-2023-38590
8.8 - High
- July 28, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.
Classic Buffer Overflow
An out-of-bounds read was addressed with improved bounds checking
CVE-2023-37285
9.8 - Critical
- July 28, 2023
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
Out-of-bounds Read
An integer overflow was addressed with improved input validation
CVE-2023-36495
9.8 - Critical
- July 28, 2023
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
Integer Overflow or Wraparound
The issue was addressed with improved memory handling
CVE-2023-34425
9.8 - Critical
- July 28, 2023
The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
This issue was addressed with improved checks
CVE-2023-32445
6.1 - Medium
- July 28, 2023
This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.
XSS
The issue was addressed with improved memory handling
CVE-2023-32393
8.8 - High
- July 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution.
A logic issue was addressed with improved restrictions
CVE-2023-32416
5.5 - Medium
- July 27, 2023
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to read sensitive location information.
The issue was addressed with improved memory handling
CVE-2023-32441
7.8 - High
- July 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved memory handling
CVE-2023-38611
8.8 - High
- July 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.
The issue was addressed with improved checks
CVE-2023-38603
7.5 - High
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause a denial-of-service.
The issue was addressed with improved checks
CVE-2023-38600
8.8 - High
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.
The issue was addressed with improved checks
CVE-2023-38595
8.8 - High
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.
A logic issue was addressed with improved checks
CVE-2023-38593
5.5 - Medium
- July 27, 2023
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to cause a denial-of-service.
The issue was addressed with improved memory handling
CVE-2023-38580
7.8 - High
- July 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved memory handling
CVE-2023-38425
7.2 - High
- July 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved memory handling
CVE-2023-38424
7.8 - High
- July 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved memory handling
CVE-2023-38261
7.8 - High
- July 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
A path handling issue was addressed with improved validation
CVE-2023-38565
7.8 - High
- July 27, 2023
A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to gain root privileges.
The issue was addressed with improved memory handling
CVE-2023-38136
7.8 - High
- July 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.
A use-after-free issue was addressed with improved memory management
CVE-2023-35993
7.8 - High
- July 27, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.
Dangling pointer
The issue was addressed with improved memory handling
CVE-2023-32734
7.8 - High
- July 27, 2023
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.
The issue was addressed with improved checks
CVE-2023-38572
7.5 - High
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy.
The issue was addressed with improvements to the file handling protocol
CVE-2023-32437
8.6 - High
- July 27, 2023
The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.
The issue was addressed with improved checks
CVE-2023-37450
8.8 - High
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
The issue was addressed with improved checks
CVE-2023-38133
6.5 - Medium
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information.
This issue was addressed with improved state management
CVE-2023-38606
5.5 - Medium
- July 27, 2023
This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
The issue was addressed with improved checks
CVE-2023-38410
7.8 - High
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.
The issue was addressed with improved checks
CVE-2023-38594
8.8 - High
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.
The issue was addressed with improved checks
CVE-2023-38597
8.8 - High
- July 27, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.
A use-after-free issue was addressed with improved memory management
CVE-2023-32433
7.8 - High
- July 27, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.
Dangling pointer
A use-after-free issue was addressed with improved memory management
CVE-2023-32381
7.8 - High
- July 27, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.
Dangling pointer
A logic issue was addressed with improved checks
CVE-2023-32352
5.5 - Medium
- June 23, 2023
A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may bypass Gatekeeper checks.
A denial-of-service issue was addressed with improved memory handling
CVE-2023-32385
5.5 - Medium
- June 23, 2023
A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination.
A buffer overflow was addressed with improved bounds checking
CVE-2023-32384
7.8 - High
- June 23, 2023
A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing an image may lead to arbitrary code execution.
Classic Buffer Overflow
The issue was addressed with additional permissions checks
CVE-2023-27940
6.3 - Medium
- June 23, 2023
The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, macOS Ventura 13.4. A sandboxed app may be able to observe system-wide network connections.
A type confusion issue was addressed with improved checks
CVE-2023-27930
7.8 - High
- June 23, 2023
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges.
Object Type Confusion
A logic issue was addressed with improved restrictions
CVE-2022-46718
5.5 - Medium
- June 23, 2023
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information
A logic issue was addressed with improved checks
CVE-2022-46715
5.5 - Medium
- June 23, 2023
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences
This issue was addressed with improved data protection
CVE-2022-42792
5.5 - Medium
- June 23, 2023
This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information
A use-after-free issue was addressed with improved memory management
CVE-2023-32373
8.8 - High
- June 23, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Dangling pointer
An out-of-bounds read was addressed with improved input validation
CVE-2023-32372
5.5 - Medium
- June 23, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. Processing an image may result in disclosure of process memory.
Out-of-bounds Read
This issue was addressed with improved redaction of sensitive information
CVE-2023-28191
5.5 - Medium
- June 23, 2023
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.
A type confusion issue was addressed with improved checks
CVE-2023-32439
8.8 - High
- June 23, 2023
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Object Type Confusion
A memory corruption issue was addressed with improved state management
CVE-2023-32435
8.8 - High
- June 23, 2023
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
Memory Corruption
An integer overflow was addressed with improved input validation
CVE-2023-32434
7.8 - High
- June 23, 2023
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
Integer Overflow or Wraparound
A buffer overflow issue was addressed with improved memory handling
CVE-2023-32423
6.5 - Medium
- June 23, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.
Classic Buffer Overflow
This issue was addressed by adding additional SQLite logging restrictions
CVE-2023-32422
5.5 - Medium
- June 23, 2023
This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.
An out-of-bounds read was addressed with improved input validation
CVE-2023-32420
7.1 - High
- June 23, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to cause unexpected system termination or read kernel memory.
Out-of-bounds Read
The issue was addressed with improved bounds checks
CVE-2023-32419
9.8 - Critical
- June 23, 2023
The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution.
This issue was addressed with improved redaction of sensitive information
CVE-2023-32415
5.5 - Medium
- June 23, 2023
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.
A race condition was addressed with improved state handling
CVE-2023-32413
7 - High
- June 23, 2023
A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to gain root privileges.
Race Condition
A use-after-free issue was addressed with improved memory management
CVE-2023-32412
9.8 - Critical
- June 23, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.
Dangling pointer
This issue was addressed with improved entitlements
CVE-2023-32411
5.5 - Medium
- June 23, 2023
This issue was addressed with improved entitlements. This issue is fixed in tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.
An out-of-bounds read was addressed with improved input validation
CVE-2023-32410
5.5 - Medium
- June 23, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to leak sensitive kernel state.
Out-of-bounds Read
The issue was addressed with improved bounds checks
CVE-2023-32409
8.6 - High
- June 23, 2023
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
The issue was addressed with improved handling of caches
CVE-2023-32408
5.5 - Medium
- June 23, 2023
The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.
This issue was addressed with improved entitlements
CVE-2023-32404
5.5 - Medium
- June 23, 2023
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.
A privacy issue was addressed with improved private data redaction for log entries
CVE-2023-32388
5.5 - Medium
- June 23, 2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.
An out-of-bounds read was addressed with improved input validation
CVE-2023-32354
5.5 - Medium
- June 23, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. An app may be able to disclose kernel memory.
Out-of-bounds Read
An authorization issue was addressed with improved state management
CVE-2023-32357
7.1 - High
- June 23, 2023
An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permission is revoked.
The issue was addressed with improved checks
CVE-2023-32365
2.4 - Low
- June 23, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, iOS 16.5 and iPadOS 16.5. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.
This issue was addressed with improved entitlements
CVE-2023-32367
5.5 - Medium
- June 23, 2023
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data.
An out-of-bounds read was addressed with improved input validation
CVE-2023-32368
5.5 - Medium
- June 23, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing a 3D model may result in disclosure of process memory.
Out-of-bounds Read
The issue was addressed with improved checks
CVE-2023-32371
6.3 - Medium
- June 23, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox.
This issue was addressed with improved entitlements
CVE-2023-32376
5.5 - Medium
- June 23, 2023
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.
This issue was addressed with improved state management
CVE-2023-28202
5.5 - Medium
- June 23, 2023
This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app firewall setting may not take effect after exiting the Settings app.
An out-of-bounds read was addressed with improved input validation
CVE-2023-28204
6.5 - Medium
- June 23, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
Out-of-bounds Read
This issue was addressed with improved redaction of sensitive information
CVE-2023-32389
5.5 - Medium
- June 23, 2023
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to disclose kernel memory.
The issue was addressed with improved checks
CVE-2023-32391
4.6 - Medium
- June 23, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.5, iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.
A logic issue was addressed with improved state management
CVE-2023-32407
5.5 - Medium
- June 23, 2023
A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.
This issue was addressed with improved redaction of sensitive information
CVE-2023-32403
5.5 - Medium
- June 23, 2023
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.
An out-of-bounds read was addressed with improved input validation
CVE-2023-32402
6.5 - Medium
- June 23, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.
Out-of-bounds Read
This issue was addressed with improved checks
CVE-2023-32400
5.5 - Medium
- June 23, 2023
This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.
The issue was addressed with improved handling of caches
CVE-2023-32399
5.5 - Medium
- June 23, 2023
The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.
A logic issue was addressed with improved state management
CVE-2023-32397
7.5 - High
- June 23, 2023
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.
A use-after-free issue was addressed with improved memory management
CVE-2023-32398
7.8 - High
- June 23, 2023
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to execute arbitrary code with kernel privileges.
Dangling pointer
The issue was addressed with improved checks
CVE-2023-32390
2.4 - Low
- June 23, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup.
The issue was addressed with improved checks
CVE-2023-32394
2.4 - Low
- June 23, 2023
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen.
Exposure of Resource to Wrong Sphere
