Apple iOS vulnerabilities
3,940 known vulnerabilities affecting apple/iphone_os.
Total CVEs
3,940
CISA KEV
92
actively exploited
Public exploits
248
Exploited in wild
79
Severity breakdown
CRITICAL313HIGH1610MEDIUM1730LOW287
Vulnerabilities
Page 81 of 197
CVE-2020-9926HIGHCVSS 7.8fixed in 13.62021-04-02
CVE-2020-9926 [HIGH] CWE-416 CVE-2020-9926: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing maliciously crafted XML may lead to an unexpected application termination or
nvd
CVE-2020-9955HIGHCVSS 7.8fixed in 14.02021-04-02
CVE-2020-9955 [HIGH] CWE-787 CVE-2020-9955: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in wat
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution.
nvd
CVE-2021-1776HIGHCVSS 7.8fixed in 14.42021-04-02
CVE-2021-1776 [HIGH] CWE-787 CVE-2021-1776: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted font file may lead to arbitrary code execution.
nvd
CVE-2021-1774HIGHCVSS 7.8fixed in 14.42021-04-02
CVE-2021-1774 [HIGH] CVE-2021-1774: This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security U
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.
nvd
CVE-2021-1777HIGHCVSS 7.8fixed in 14.42021-04-02
CVE-2021-1777 [HIGH] CVE-2021-1777: This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security U
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.
nvd
CVE-2020-29617HIGHCVSS 7.8fixed in 14.32021-04-02
CVE-2020-29617 [HIGH] CWE-125 CVE-2020-29617: An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption.
nvd
CVE-2021-1772HIGHCVSS 7.8fixed in 14.42021-04-02
CVE-2021-1772 [HIGH] CWE-787 CVE-2021-1772: A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur
A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution.
nvd
CVE-2021-1744HIGHCVSS 7.8fixed in 14.42021-04-02
CVE-2021-1744 [HIGH] CWE-787 CVE-2021-1744: An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Bi
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.
nvd
CVE-2020-29624HIGHCVSS 7.8fixed in 14.32021-04-02
CVE-2020-29624 [HIGH] CWE-787 CVE-2020-29624: A memory corruption issue existed in the processing of font files. This issue was addressed with imp
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary cod
nvd
CVE-2020-27943HIGHCVSS 7.8fixed in 14.32021-04-02
CVE-2020-27943 [HIGH] CWE-787 CVE-2020-27943: A memory corruption issue existed in the processing of font files. This issue was addressed with imp
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in tvOS 14.3, iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.2. Processing a maliciously crafted font file may lead to arbitrary cod
nvd
CVE-2020-9962HIGHCVSS 7.8fixed in 14.02021-04-02
CVE-2020-9962 [HIGH] CWE-120 CVE-2020-9962: A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur
A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted image may lead to arbitrary code execution.
nvd
CVE-2021-1743HIGHCVSS 7.8fixed in 14.42021-04-02
CVE-2021-1743 [HIGH] CWE-125 CVE-2021-1743: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.
nvd
CVE-2021-1758HIGHCVSS 7.8fixed in 14.42021-04-02
CVE-2021-1758 [HIGH] CWE-125 CVE-2021-1758: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.
nvd
CVE-2020-29618HIGHCVSS 7.8fixed in 14.32021-04-02
CVE-2020-29618 [HIGH] CWE-125 CVE-2020-29618: An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution.
nvd
CVE-2020-27944HIGHCVSS 7.8fixed in 14.32021-04-02
CVE-2020-27944 [HIGH] CWE-787 CVE-2020-27944: A memory corruption issue existed in the processing of font files. This issue was addressed with imp
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary cod
nvd
CVE-2020-29639MEDIUMCVSS 5.5fixed in 14.02021-04-02
CVE-2020-29639 [MEDIUM] CWE-125 CVE-2020-29639: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.0
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font may result in the disclosure of process memory.
nvd
CVE-2021-1780MEDIUMCVSS 4.4fixed in 14.42021-04-02
CVE-2021-1780 [MEDIUM] CWE-665 CVE-2021-1780: A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker in a privileged position may be able to perform a denial of service attack.
nvd
CVE-2021-1879MEDIUMCVSS 6.1KEVfixed in 12.5.2≥ 13.0, < 14.4.22021-04-02
CVE-2021-1879 [MEDIUM] CWE-79 CVE-2021-1879: This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5
This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..
nvd
CVE-2021-1797MEDIUMCVSS 5.5fixed in 14.42021-04-02
CVE-2021-1797 [MEDIUM] CVE-2021-1797: The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2,
The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files.
nvd
CVE-2020-29615MEDIUMCVSS 5.5fixed in 14.32021-04-02
CVE-2020-29615 [MEDIUM] CWE-125 CVE-2020-29615: An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted image may lead to a denial of service.
nvd