cbcvebase.

Apple Ios And Ipados vulnerabilities

1,534 known vulnerabilities affecting apple/ios_and_ipados.

Total CVEs
1,534
CISA KEV
57
actively exploited
Public exploits
1
Exploited in wild
44
Severity breakdown
CRITICAL73HIGH605MEDIUM736LOW120

Vulnerabilities

Page 3 of 77
CVE-2026-28905HIGHCVSS 7.5fixed in 26.52026-05-11
CVE-2026-28905 [HIGH] CWE-119 CVE-2026-28905: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
nvd
CVE-2026-28873HIGHCVSS 7.5fixed in 18.7.9fixed in 26.42026-05-11
CVE-2026-28873 [HIGH] CWE-863 CVE-2026-28873: This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and i This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging.
nvd
CVE-2026-28994MEDIUMCVSS 5.3fixed in 18.7.9fixed in 26.52026-05-11
CVE-2026-28994 [MEDIUM] CWE-416 CVE-2026-28994: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18. A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Wi-Fi pac
nvd
CVE-2026-28901MEDIUMCVSS 4.3fixed in 26.52026-05-11
CVE-2026-28901 [MEDIUM] CWE-119 CVE-2026-28901: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
nvd
CVE-2026-28977MEDIUMCVSS 6.2fixed in 18.7.9fixed in 26.52026-05-11
CVE-2026-28977 [MEDIUM] CWE-119 CVE-2026-28977: The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.
nvd
CVE-2026-28942MEDIUMCVSS 6.5fixed in 26.52026-05-11
CVE-2026-28942 [MEDIUM] CWE-416 CVE-2026-28942: A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
nvd
CVE-2026-28996MEDIUMCVSS 5.5fixed in 26.52026-05-11
CVE-2026-28996 [MEDIUM] CWE-362 CVE-2026-28996: A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadO A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to access sensitive user data.
nvd
CVE-2026-28903MEDIUMCVSS 6.5fixed in 18.7.9fixed in 26.52026-05-11
CVE-2026-28903 [MEDIUM] CWE-119 CVE-2026-28903: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7. The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
nvd
CVE-2026-28993MEDIUMCVSS 5.5fixed in 18.7.9fixed in 26.52026-05-11
CVE-2026-28993 [MEDIUM] CWE-284 CVE-2026-28993: This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data.
nvd
CVE-2026-28902MEDIUMCVSS 6.5fixed in 26.52026-05-11
CVE-2026-28902 [MEDIUM] CWE-119 CVE-2026-28902: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
nvd
CVE-2026-28956MEDIUMCVSS 6.5fixed in 26.52026-05-11
CVE-2026-28956 [MEDIUM] CWE-125 CVE-2026-28956: A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 2 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
nvd
CVE-2026-28917MEDIUMCVSS 4.3fixed in 18.7.9fixed in 26.52026-05-11
CVE-2026-28917 [MEDIUM] CWE-20 CVE-2026-28917: The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7 The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
nvd
CVE-2026-28992MEDIUMCVSS 4.7fixed in 18.7.9fixed in 26.52026-05-11
CVE-2026-28992 [MEDIUM] CWE-362 CVE-2026-28992: A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18 A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker may be able to cause unexpected app termination.
nvd
CVE-2026-28847MEDIUMCVSS 6.5fixed in 18.7.9fixed in 26.52026-05-11
CVE-2026-28847 [MEDIUM] CWE-119 CVE-2026-28847: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7. The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
nvd
CVE-2026-28918MEDIUMCVSS 6.5fixed in 26.52026-05-11
CVE-2026-28918 [MEDIUM] CWE-125 CVE-2026-28918: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iO An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Parsing a maliciously crafted file may lead to an unexpected app termination.
nvd
CVE-2026-28920MEDIUMCVSS 6.5fixed in 18.7.9fixed in 26.52026-05-11
CVE-2026-28920 [MEDIUM] CWE-200 CVE-2026-28920: An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 a An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Visiting a maliciously crafted website may leak sensitive data.
nvd
CVE-2026-28971MEDIUMCVSS 4.3fixed in 26.52026-05-11
CVE-2026-28971 [MEDIUM] CWE-1021 CVE-2026-28971: The issue was addressed with improved UI handling. This issue is fixed in Safari 26.5, iOS 26.5 and The issue was addressed with improved UI handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious iframe may use another website’s download settings.
nvd
CVE-2026-28958MEDIUMCVSS 5.5fixed in 26.52026-05-11
CVE-2026-28958 [MEDIUM] CWE-200 CVE-2026-28958: This issue was addressed with improved data protection. This issue is fixed in Safari 26.5, iOS 26.5 This issue was addressed with improved data protection. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data.
nvd
CVE-2026-28897MEDIUMCVSS 6.2fixed in 18.7.9fixed in 26.52026-05-11
CVE-2026-28897 [MEDIUM] CWE-121 CVE-2026-28897: A buffer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 an A buffer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A local user may be able to cause unexpected system termination or read kernel memory.
nvd
CVE-2026-43659MEDIUMCVSS 4.7fixed in 18.7.9fixed in 26.52026-05-11
CVE-2026-43659 [MEDIUM] CWE-362 CVE-2026-43659: A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPa A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data.
nvd
← Previous3 / 77Next →