Apple iOS vulnerabilities
3,940 known vulnerabilities affecting apple/iphone_os.
Total CVEs
3,940
CISA KEV
92
actively exploited
Public exploits
248
Exploited in wild
79
Severity breakdown
CRITICAL313HIGH1610MEDIUM1730LOW287
Vulnerabilities
Page 24 of 197
CVE-2024-44308HIGHCVSS 8.8KEVfixed in 17.7.2≥ 18.0, < 18.1.12024-11-20
CVE-2024-44308 [HIGH] CVE-2024-44308: The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and i
The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac sys
nvd
CVE-2024-44309MEDIUMCVSS 6.3KEVfixed in 17.7.2≥ 18.0, < 18.1.12024-11-20
CVE-2024-44309 [MEDIUM] CWE-79 CVE-2024-44309: A cookie management issue was addressed with improved state management. This issue is fixed in Safar
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been a
nvd
CVE-2024-44233MEDIUMCVSS 5.5fixed in 17.7.1v18.02024-11-01
CVE-2024-44233 [MEDIUM] CWE-120 CVE-2024-44233: The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17
The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.
nvd
CVE-2024-44232MEDIUMCVSS 5.5fixed in 17.7.1v18.02024-11-01
CVE-2024-44232 [MEDIUM] CWE-120 CVE-2024-44232: The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17
The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.
nvd
CVE-2024-44234MEDIUMCVSS 5.5fixed in 17.7.1v18.02024-11-01
CVE-2024-44234 [MEDIUM] CWE-120 CVE-2024-44234: The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17
The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.
nvd
CVE-2024-44217CRITICALCVSS 9.1fixed in 18.02024-10-28
CVE-2024-44217 [CRITICAL] CWE-863 CVE-2024-44217: A permissions issue was addressed by removing vulnerable code and adding additional checks. This iss
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in iOS 18 and iPadOS 18. Password autofill may fill in passwords after failing authentication.
nvd
CVE-2024-40867CRITICALCVSS 9.6fixed in 18.12024-10-28
CVE-2024-40867 [CRITICAL] CVE-2024-40867: A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox.
nvd
CVE-2024-44252HIGHCVSS 7.1fixed in 17.7.1≥ 18.0, < 18.12024-10-28
CVE-2024-44252 [HIGH] CVE-2024-44252: A logic issue was addressed with improved file handling. This issue is fixed in iOS 17.7.1 and iPadO
A logic issue was addressed with improved file handling. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.
nvd
CVE-2024-44258HIGHCVSS 7.1fixed in 17.7.1≥ 18.0, < 18.12024-10-28
CVE-2024-44258 [HIGH] CWE-59 CVE-2024-44258: This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and i
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.
nvd
CVE-2024-44255HIGHCVSS 7.8fixed in 18.12024-10-28
CVE-2024-44255 [HIGH] CWE-22 CVE-2024-44255: A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS
A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A malicious app may be able to run arbitrary shortcuts without user consent.
nvd
CVE-2024-44126HIGHCVSS 7.8fixed in 17.72024-10-28
CVE-2024-44126 [HIGH] CWE-787 CVE-2024-44126: The issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 1
The issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7.1, visionOS 2. Processing a maliciously crafted file may lead to heap corruption.
nvd
CVE-2024-44285HIGHCVSS 7.8≥ 18.0, < 18.12024-10-28
CVE-2024-44285 [HIGH] CWE-416 CVE-2024-44285: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
nvd
CVE-2024-44277HIGHCVSS 7.8fixed in 18.12024-10-28
CVE-2024-44277 [HIGH] CWE-787 CVE-2024-44277: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
nvd
CVE-2024-44218HIGHCVSS 7.8fixed in 17.7.1v18.02024-10-28
CVE-2024-44218 [HIGH] CWE-787 CVE-2024-44218: This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1,
This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to heap corruption.
nvd
CVE-2024-44259HIGHCVSS 7.5fixed in 17.7.1≥ 18.0, < 18.12024-10-28
CVE-2024-44259 [HIGH] CVE-2024-44259: This issue was addressed through improved state management. This issue is fixed in Safari 18.1, iOS
This issue was addressed through improved state management. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1. An attacker may be able to misuse a trust relationship to download malicious content.
nvd
CVE-2024-44194MEDIUMCVSS 5.5fixed in 18.12024-10-28
CVE-2024-44194 [MEDIUM] CVE-2024-44194: This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An app may be able to access sensitive user data.
nvd
CVE-2024-44240MEDIUMCVSS 5.5fixed in 17.7.1≥ 18.0, < 18.12024-10-28
CVE-2024-44240 [MEDIUM] CVE-2024-44240: The issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, i
The issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing a maliciously crafted font may result in the disclosure of process memory.
nvd
CVE-2024-44254MEDIUMCVSS 5.5fixed in 18.12024-10-28
CVE-2024-44254 [MEDIUM] CVE-2024-44254: This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, watchOS 11.1. An app may be able to access sensitive user data.
nvd
CVE-2024-44145MEDIUMCVSS 6.1fixed in 18.02024-10-28
CVE-2024-44145 [MEDIUM] CVE-2024-44145: This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS
This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen.
nvd
CVE-2024-44155MEDIUMCVSS 6.5fixed in 17.7.12024-10-28
CVE-2024-44155 [MEDIUM] CVE-2024-44155: A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, iOS 18 and iPadOS 18, macOS Sequoia 15, watchOS 11. Maliciously crafted web content may violate iframe sandboxing policy.
nvd