Apple iPadOS vulnerabilities

1,835 known vulnerabilities affecting apple/ipados.

Total CVEs: 1,835
CISA KEV: 79 (actively exploited)
Public exploits: 8
Exploited in wild: 62
Severity breakdown: CRITICAL 105, HIGH 806, MEDIUM 800, LOW 124

Vulnerabilities

CVE-2024-44131 | MEDIUM | CVSS 5.5 | fixed in 18.0 | 2024-09-17
CVE-2024-44131 [MEDIUM] CWE-59: This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data.
nvd
CVE-2024-44184 | MEDIUM | CVSS 5.5 | fixed in 17.7 | 2024-09-17
CVE-2024-44184 [MEDIUM] CWE-200: A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access user-sensitive data.
nvd
CVE-2024-27880 | MEDIUM | CVSS 5.5 | fixed in 17.7 | 2024-09-17
CVE-2024-27880 [MEDIUM] CWE-125: An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, tvOS 18, visionOS 2, watchOS 11. Processing a maliciously crafted file may lead to unexpected app termination.
nvd
CVE-2024-44158 | MEDIUM | CVSS 5.5 | fixed in 17.7 | 2024-09-17
CVE-2024-44158 [MEDIUM] CWE-200: This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. A shortcut may output sensitive user data without consent.
nvd
CVE-2024-44183 | MEDIUM | CVSS 5.5 | fixed in 17.7 | 2024-09-17
CVE-2024-44183 [MEDIUM] CWE-400: A logic error was addressed with improved error handling. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. An app may be able to cause a denial-of-service.
nvd
CVE-2024-44147 | MEDIUM | CVSS 5.5 | fixed in 18.0 | 2024-09-17
CVE-2024-44147 [MEDIUM] CWE-269: This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network.
nvd
CVE-2024-44191 | MEDIUM | CVSS 5.5 | fixed in 17.7 | 2024-09-17
CVE-2024-44191 [MEDIUM]: This issue was addressed through improved state management. This issue is fixed in Xcode 16, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. An app may gain unauthorized access to Bluetooth.
nvd
CVE-2024-44167 | MEDIUM | CVSS 5.5 | fixed in 18.0 | 2024-09-17
CVE-2024-44167 [MEDIUM] CWE-22: This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. An app may be able to overwrite arbitrary files.
nvd
CVE-2024-44171 | MEDIUM | CVSS 4.6 | fixed in 17.7 | 2024-09-17
CVE-2024-44171 [MEDIUM]: This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, watchOS 11. An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features.
nvd
CVE-2024-27876 | MEDIUM | CVSS 5.5 | fixed in 17.7 | 2024-09-17
CVE-2024-27876 [MEDIUM] CWE-362: A race condition was addressed with improved locking. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
nvd
CVE-2024-40844 | MEDIUM | CVSS 5.5 | fixed in 17.7 | 2024-09-17
CVE-2024-40844 [MEDIUM]: A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to observe data displayed to the user by Shortcuts.
nvd
CVE-2024-40857 | MEDIUM | CVSS 6.1 | fixed in 18.0 | 2024-09-17
CVE-2024-40857 [MEDIUM] CWE-79: This issue was addressed through improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to universal cross site scripting.
nvd
CVE-2024-40840 | MEDIUM | CVSS 4.6 | fixed in 18.0 | 2024-09-17
CVE-2024-40840 [MEDIUM]: This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to use Siri to access sensitive user data.
nvd
CVE-2024-44202 | MEDIUM | CVSS 5.3 | fixed in 18.0 | 2024-09-17
CVE-2024-44202 [MEDIUM] CWE-287: An authentication issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.
nvd
CVE-2024-40852 | MEDIUM | CVSS 5.3 | fixed in 18.0 | 2024-09-17
CVE-2024-40852 [MEDIUM] CWE-862: This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access.
nvd
CVE-2024-27869 | MEDIUM | CVSS 5.5 | fixed in 18.0 | 2024-09-17
CVE-2024-27869 [MEDIUM] CWE-22: The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator.
nvd
CVE-2024-40791 | LOW | CVSS 3.3 | fixed in 17.7 | 2024-09-17
CVE-2024-40791 [LOW] CWE-532: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access information about a user's contacts.
nvd
CVE-2024-44180 | LOW | CVSS 2.4 | fixed in 18.0 | 2024-09-17
CVE-2024-44180 [LOW] CWE-200: The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.
nvd
CVE-2024-40830 | LOW | CVSS 3.3 | fixed in 18.0 | 2024-09-17
CVE-2024-40830 [LOW]: This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to enumerate a user's installed apps.
nvd
CVE-2024-27826 | HIGH | CVSS 7.8 | fixed in 17.5 | 2024-07-29
CVE-2024-27826 [HIGH] CWE-269: The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.6, macOS Sonoma 14.5, macOS Ventura 13.6.8, tvOS 17.5, visionOS 1.3, watchOS 10.5. A local attacker may be able to cause unexpected system shutdown.
nvd