Apple iPadOS vulnerabilities

1,906 known vulnerabilities affecting apple/ipados.

Total CVEs

1,906

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL105HIGH848MEDIUM828LOW125

Vulnerabilities

Page 16 of 96

CVE-2025-43234CRITICALCVSS 9.8fixed in 18.62025-07-30

CVE-2025-43234 [CRITICAL] CWE-20 CVE-2025-43234: Multiple memory corruption issues were addressed with improved input validation. This issue is fixed Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted texture may lead to unexpected app termination.

nvd

CVE-2025-31279CRITICALCVSS 9.8fixed in 17.7.92025-07-30

CVE-2025-31279 [CRITICAL] CWE-200 CVE-2025-31279: A permissions issue was addressed with additional restrictions. This issue is fixed in iPadOS 17.7.9 A permissions issue was addressed with additional restrictions. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to fingerprint the user.

nvdapple

CVE-2025-31273HIGHCVSS 8.8fixed in 18.62025-07-30

CVE-2025-31273 [HIGH] CWE-119 CVE-2025-31273: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.

nvd

CVE-2025-24224HIGHCVSS 7.5fixed in 17.7.9≥ 18.0, < 18.52025-07-30

CVE-2025-24224 [HIGH] CWE-754 CVE-2025-24224: The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadO The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.9, macOS Sequoia 15.5, macOS Ventura 13.7.7, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may be able to cause unexpected system termination.

nvdapple

CVE-2025-43223HIGHCVSS 7.5fixed in 17.7.7≥ 18.0, < 18.6+1 more2025-07-30

CVE-2025-43223 [HIGH] CWE-20 CVE-2025-43223: A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 1 A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. A non-privileged user may be able to modify restricted network settings.

nvdapple

CVE-2025-31278HIGHCVSS 8.8fixed in 17.7.9≥ 18.0, < 18.62025-07-30

CVE-2025-31278 [HIGH] CWE-119 CVE-2025-31278: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.

nvdapple

CVE-2025-43221HIGHCVSS 7.1fixed in 18.62025-07-30

CVE-2025-43221 [HIGH] CWE-125 CVE-2025-43221: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iO An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

nvd

CVE-2025-43227HIGHCVSS 7.5fixed in 18.62025-07-30

CVE-2025-43227 [HIGH] CWE-359 CVE-2025-43227: This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose sensitive user information.

nvd

CVE-2025-31277HIGHCVSS 8.8KEVfixed in 18.62025-07-30

CVE-2025-31277 [HIGH] CWE-119 CVE-2025-31277: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.

nvd

CVE-2025-43224HIGHCVSS 7.1fixed in 18.62025-07-30

CVE-2025-43224 [HIGH] CWE-787 CVE-2025-43224: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iO An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

nvd

CVE-2025-43213MEDIUMCVSS 6.5fixed in 18.62025-07-30

CVE-2025-43213 [MEDIUM] CWE-119 CVE-2025-43213: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

nvd

CVE-2025-43226MEDIUMCVSS 4.0fixed in 17.7.9≥ 18.0, < 18.62025-07-30

CVE-2025-43226 [MEDIUM] CWE-125 CVE-2025-43226: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.6 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted image may result in disclosure of process memory.

nvdapple

CVE-2025-43265MEDIUMCVSS 4.0fixed in 18.62025-07-30

CVE-2025-43265 [MEDIUM] CWE-125 CVE-2025-43265: An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18 An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose internal states of the app.

nvd

CVE-2025-43211MEDIUMCVSS 6.2fixed in 17.7.9≥ 18.0, < 18.62025-07-30

CVE-2025-43211 [MEDIUM] CWE-770 CVE-2025-43211: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing web content may lead to a denial-of-service.

nvdapple

CVE-2025-43214MEDIUMCVSS 6.5fixed in 18.62025-07-30

CVE-2025-43214 [MEDIUM] CWE-119 CVE-2025-43214: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

nvd

CVE-2025-43230MEDIUMCVSS 4.0fixed in 17.7.9≥ 18.0, < 18.62025-07-30

CVE-2025-43230 [MEDIUM] CWE-863 CVE-2025-43230: The issue was addressed with additional permissions checks. This issue is fixed in iOS 18.6 and iPad The issue was addressed with additional permissions checks. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to access user-sensitive data.

nvdapple

CVE-2025-43225MEDIUMCVSS 5.5fixed in 17.7.92025-07-30

CVE-2025-43225 [MEDIUM] CWE-532 CVE-2025-43225: A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.9, ma A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data.

nvdapple

CVE-2025-43217MEDIUMCVSS 4.0fixed in 17.7.9≥ 18.0, < 18.62025-07-30

CVE-2025-43217 [MEDIUM] CWE-359 CVE-2025-43217: The issue was addressed by adding additional logic. This issue is fixed in iOS 18.6 and iPadOS 18.6, The issue was addressed by adding additional logic. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Privacy Indicators for microphone or camera access may not be correctly displayed.

nvdapple

CVE-2025-43216MEDIUMCVSS 6.5fixed in 17.7.9≥ 18.0, < 18.62025-07-30

CVE-2025-43216 [MEDIUM] CWE-416 CVE-2025-43216: A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

nvdapple

CVE-2025-43228MEDIUMCVSS 4.3fixed in 18.62025-07-30

CVE-2025-43228 [MEDIUM] CWE-451 CVE-2025-43228: The issue was addressed with improved UI. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18 The issue was addressed with improved UI. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6. Visiting a malicious website may lead to address bar spoofing.

nvd

← Previous16 / 96Next →