Apple iPadOS vulnerabilities
1,835 known vulnerabilities affecting apple/ipados.
Total CVEs
1,835
CISA KEV
79
actively exploited
Public exploits
8
Exploited in wild
62
Severity breakdown
CRITICAL105HIGH806MEDIUM800LOW124
Vulnerabilities
Page 78 of 92
CVE-2020-27946MEDIUMCVSS 5.5fixed in 14.32021-04-02
CVE-2020-27946 [MEDIUM] CVE-2020-27946: An information disclosure issue was addressed with improved state management. This issue is fixed in
An information disclosure issue was addressed with improved state management. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font may result in the disclosure of process memory.
nvd
CVE-2021-1769MEDIUMCVSS 5.5fixed in 14.42021-04-02
CVE-2021-1769 [MEDIUM] CVE-2021-1769: A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.2, Sec
A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
nvd
CVE-2021-1760MEDIUMCVSS 5.5fixed in 14.42021-04-02
CVE-2021-1760 [MEDIUM] CWE-787 CVE-2021-1760: A memory corruption issue was addressed with improved state management. This issue is fixed in macOS
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application could execute arbitrary code leading to compromise of user information.
nvd
CVE-2020-9978MEDIUMCVSS 4.5fixed in 14.02021-04-02
CVE-2020-9978 [MEDIUM] CVE-2020-9978: This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.
This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network position may be able to unexpectedly alter application state.
nvd
CVE-2020-29608MEDIUMCVSS 5.5fixed in 14.32021-04-02
CVE-2020-29608 [MEDIUM] CWE-125 CVE-2020-29608: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, watchOS 7.2. A remote attacker may be able to lea
nvd
CVE-2021-1756LOWCVSS 2.4fixed in 14.42021-04-02
CVE-2021-1756 [LOW] CVE-2021-1756: A lock screen issue allowed access to contacts on a locked device. This issue was addressed with imp
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker with physical access to a device may be able to see private contact information.
nvd
CVE-2020-29623LOWCVSS 3.3fixed in 14.32021-04-02
CVE-2020-29623 [LOW] CVE-2020-29623: "Clear History and Website Data" did not clear the history. The issue was addressed with improved da
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.
nvd
CVE-2020-7463MEDIUMCVSS 5.5fixed in 14.52021-03-26
CVE-2020-7463 [MEDIUM] CWE-416 CVE-2020-7463: In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELE
In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour
nvd
CVE-2021-23841MEDIUMCVSS 5.9fixed in 14.62021-02-16
CVE-2021-23841 [MEDIUM] CWE-476 CVE-2021-23841: The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This ma
nvd
CVE-2020-27927HIGHCVSS 7.8fixed in 14.22020-12-08
CVE-2020-27927 [HIGH] CWE-787 CVE-2020-27927: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted font file may lead to arbitrary code execution.
nvd
CVE-2020-9981HIGHCVSS 7.8fixed in 14.02020-12-08
CVE-2020-9981 [HIGH] CWE-416 CVE-2020-9981: A use after free issue was addressed with improved memory management. This issue is fixed in watchOS
A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted file may lead to arbitrary code
nvd
CVE-2020-27909HIGHCVSS 7.8fixed in 14.22020-12-08
CVE-2020-27909 [HIGH] CWE-125 CVE-2020-27909: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.2
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.
nvd
CVE-2020-10011HIGHCVSS 7.8fixed in 14.22020-12-08
CVE-2020-10011 [HIGH] CWE-125 CVE-2020-10011: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 a
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
nvd
CVE-2020-10016HIGHCVSS 7.8fixed in 14.22020-12-08
CVE-2020-10016 [HIGH] CWE-787 CVE-2020-10016: A memory corruption issue was addressed with improved state management. This issue is fixed in macOS
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2020-9954HIGHCVSS 7.8fixed in 14.02020-12-08
CVE-2020-9954 [HIGH] CWE-120 CVE-2020-9954: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 7.0, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Playing a malicious audio file may lead to arbitrary code execution.
nvd
CVE-2020-27905HIGHCVSS 7.8fixed in 14.22020-12-08
CVE-2020-27905 [HIGH] CWE-787 CVE-2020-27905: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to execute arbitrary code with system privileges.
nvd
CVE-2020-9947HIGHCVSS 8.8fixed in 14.02020-12-08
CVE-2020-9947 [HIGH] CWE-416 CVE-2020-9947: A use after free issue was addressed with improved memory management. This issue is fixed in watchOS
A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2020-10013HIGHCVSS 7.8fixed in 14.02020-12-08
CVE-2020-10013 [HIGH] CVE-2020-10013: A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2020-9996HIGHCVSS 7.8fixed in 14.02020-12-08
CVE-2020-9996 [HIGH] CWE-416 CVE-2020-9996: A use after free issue was addressed with improved memory management. This issue is fixed in macOS B
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges.
nvd
CVE-2020-9950HIGHCVSS 8.8fixed in 14.02020-12-08
CVE-2020-9950 [HIGH] CWE-416 CVE-2020-9950: A use after free issue was addressed with improved memory management. This issue is fixed in watchOS
A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd