Apple iPadOS vulnerabilities

1,828 known vulnerabilities affecting apple/ipados.

Total CVEs

1,828

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL105HIGH801MEDIUM799LOW123

Vulnerabilities

Page 17 of 92

CVE-2025-24264CRITICALCVSS 9.8fixed in 17.7.6≥ 18.0, < 18.42025-03-31

CVE-2025-24264 [CRITICAL] CWE-400 CVE-2025-24264: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

cvelistv5nvd

CVE-2025-24211CRITICALCVSS 9.8fixed in 17.7.6≥ 18.0, < 18.42025-03-31

CVE-2025-24211 [CRITICAL] CWE-400 CVE-2025-24211: This issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 1 This issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.

cvelistv5nvd

CVE-2025-30465CRITICALCVSS 9.8fixed in 17.7.62025-03-31

CVE-2025-30465 [CRITICAL] CWE-276 CVE-2025-30465: A permissions issue was addressed with improved validation. This issue is fixed in iPadOS 17.7.6, ma A permissions issue was addressed with improved validation. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sequoia 15.7.2, macOS Sonoma 14.7.5, macOS Sonoma 14.8.2, macOS Tahoe 26.1, macOS Ventura 13.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.

cvelistv5nvd

CVE-2025-30433CRITICALCVSS 9.8fixed in 17.7.6≥ 18.0, < 18.42025-03-31

CVE-2025-30433 [CRITICAL] CWE-284 CVE-2025-30433: This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPad This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.

cvelistv5nvd

CVE-2025-24237CRITICALCVSS 9.8fixed in 17.7.6≥ 18.0, < 18.42025-03-31

CVE-2025-24237 [CRITICAL] CWE-120 CVE-2025-24237: A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and i A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination.

cvelistv5nvd

CVE-2025-24259CRITICALCVSS 9.8fixed in 17.7.72025-03-31

CVE-2025-24259 [CRITICAL] CWE-862 CVE-2025-24259: This issue was addressed with additional entitlement checks. This issue is fixed in iPadOS 17.7.7, m This issue was addressed with additional entitlement checks. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to retrieve Safari bookmarks without an entitlement check.

cvelistv5nvd

CVE-2025-31182CRITICALCVSS 9.8fixed in 18.42025-03-31

CVE-2025-31182 [CRITICAL] CWE-862 CVE-2025-31182: This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPa This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to delete files for which it does not have permission.

nvd

CVE-2025-31183CRITICALCVSS 9.8fixed in 18.42025-03-31

CVE-2025-31183 [CRITICAL] CWE-200 CVE-2025-31183: The issue was addressed with improved restriction of data container access. This issue is fixed in i The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.

nvd

CVE-2025-24167CRITICALCVSS 9.8fixed in 18.42025-03-31

CVE-2025-24167 [CRITICAL] CVE-2025-24167: This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, watchOS 11.4. A download's origin may be incorrectly associated.

nvd

CVE-2025-30430CRITICALCVSS 9.8fixed in 18.42025-03-31

CVE-2025-30430 [CRITICAL] CWE-287 CVE-2025-30430: This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPad This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. Password autofill may fill in passwords after failing authentication.

nvd

CVE-2025-24178CRITICALCVSS 9.8fixed in 17.7.6≥ 18.0, < 18.42025-03-31

CVE-2025-24178 [CRITICAL] CVE-2025-24178: This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPad This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to break out of its sandbox.

cvelistv5nvd

CVE-2025-24238CRITICALCVSS 9.8fixed in 18.42025-03-31

CVE-2025-24238 [CRITICAL] CWE-276 CVE-2025-24238: A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, m A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to gain elevated privileges.

nvd

CVE-2025-24190CRITICALCVSS 9.8fixed in 17.7.6≥ 18.0, < 18.42025-03-31

CVE-2025-24190 [CRITICAL] CWE-400 CVE-2025-24190: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.

cvelistv5nvd

CVE-2025-24257HIGHCVSS 7.1fixed in 18.42025-03-31

CVE-2025-24257 [HIGH] CWE-787 CVE-2025-24257: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iO An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination or write kernel memory.

nvd

CVE-2025-24243HIGHCVSS 7.8fixed in 17.7.6≥ 18.0, < 18.42025-03-31

CVE-2025-24243 [HIGH] CWE-94 CVE-2025-24243: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted file may lead to arbitrary code execution.

cvelistv5nvd

CVE-2025-24180HIGHCVSS 8.1fixed in 18.42025-03-31

CVE-2025-24180 [HIGH] CWE-601 CVE-2025-24180: The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix.

nvd

CVE-2025-30471HIGHCVSS 7.5fixed in 18.4fixed in 17.7.62025-03-31

CVE-2025-30471 [HIGH] CWE-20 CVE-2025-30471: A validation issue was addressed with improved logic. This issue is fixed in iOS 18.4 and iPadOS 18. A validation issue was addressed with improved logic. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A remote user may be able to cause a denial-of-service.

cvelistv5nvd

CVE-2025-24213HIGHCVSS 7.8fixed in 17.7.6≥ 18.0, < 18.4+1 more2025-03-31

CVE-2025-24213 [HIGH] CWE-843 CVE-2025-24213: This issue was addressed with improved handling of floats. This issue is fixed in Safari 18.5, iOS 1 This issue was addressed with improved handling of floats. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A type confusion issue could lead to memory corruption.

cvelistv5nvd

CVE-2025-24095HIGHCVSS 7.6fixed in 18.42025-03-31

CVE-2025-24095 [HIGH] CWE-288 CVE-2025-24095: This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPa This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4. An app may be able to bypass Privacy preferences.

nvd

CVE-2025-24221HIGHCVSS 7.5fixed in 17.7.6≥ 18.0, < 18.42025-03-31

CVE-2025-24221 [HIGH] CWE-863 CVE-2025-24221: This issue was addressed with improved data access restriction. This issue is fixed in iOS 18.4 and This issue was addressed with improved data access restriction. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, visionOS 2.4. Sensitive keychain data may be accessible from an iOS backup.

cvelistv5nvd

← Previous17 / 92Next →