Apple Ipad Os vulnerabilities

CVE-2023-42977 [HIGH] CWE-20 CVE-2023-42977: A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPad A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to break out of its sandbox.

CVE-2025-24203 [MEDIUM] CVE-2025-24203: The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system.

CVE-2024-44297 [MEDIUM] CVE-2024-44297: The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17 The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing a maliciously crafted message may lead to a denial-of-service.

CVE-2024-44139 [LOW] CWE-200 CVE-2024-44139: The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attack The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.

CVE-2023-42974 [HIGH] CWE-362 CVE-2023-42974: A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 1 A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges.

CVE-2024-23270 [HIGH] CWE-787 CVE-2024-23270: The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17 The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.

CVE-2024-0258 [HIGH] CWE-284 CVE-2024-0258: The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17 The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

CVE-2024-23226 [HIGH] CWE-787 CVE-2024-23226: The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17 The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to arbitrary code execution.

CVE-2024-23205 [MEDIUM] CWE-922 CVE-2024-23205: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to access sensitive user data.

CVE-2024-23273 [MEDIUM] CWE-295 CVE-2024-23273: This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.

CVE-2024-23250 [MEDIUM] CWE-863 CVE-2024-23250: An access issue was addressed with improved access restrictions. This issue is fixed in iOS 17.4 and An access issue was addressed with improved access restrictions. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to access Bluetooth-connected microphones without user permission.

CVE-2024-23220 [MEDIUM] CVE-2024-23220: The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.4 and iPadOS The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.4 and iPadOS 17.4, visionOS 1.1. An app may be able to fingerprint the user.

CVE-2024-23297 [MEDIUM] CVE-2024-23297: The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4. A malicious application may be able to access private information.

CVE-2024-23293 [MEDIUM] CVE-2024-23293: This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPad This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.

CVE-2024-23277 [MEDIUM] CVE-2024-23277: The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.

CVE-2024-23280 [MEDIUM] CWE-74 CVE-2024-23280: An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 1 An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.

CVE-2024-23239 [MEDIUM] CWE-362 CVE-2024-23239: A race condition was addressed with improved state handling. This issue is fixed in iOS 17.4 and iPa A race condition was addressed with improved state handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to leak sensitive user information.

CVE-2024-23241 [MEDIUM] CWE-922 CVE-2024-23241: This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPad This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4. An app may be able to leak sensitive user information.

CVE-2024-23254 [MEDIUM] CVE-2024-23254: The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin.

CVE-2024-23242 [LOW] CWE-532 CVE-2024-23242: A privacy issue was addressed by not logging contents of text fields. This issue is fixed in iOS 17. A privacy issue was addressed by not logging contents of text fields. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to view Mail data.