Apple tvOS 18.1 vulnerabilities
2,001 known vulnerabilities affecting apple/tvos at version 18.1.
Total CVEs
2,001
CISA KEV
37
actively exploited
Public exploits
174
Exploited in wild
28
Severity breakdown
CRITICAL125HIGH1101MEDIUM722LOW53
Vulnerabilities
Page 10 of 13
CVE-2025-31201CRITICALCVSS 9.8KEVfixed in 18.4.12025-04-16
CVE-2025-31201 [CRITICAL] CWE-1220 CVE-2025-31201: This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPad
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely soph
cvelistv5nvd
CVE-2025-31200CRITICALCVSS 9.8KEVfixed in 18.4.12025-04-16
CVE-2025-31200 [CRITICAL] CWE-119 CVE-2025-31200: A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited
cvelistv5nvd
CVE-2025-30426CRITICALCVSS 9.8fixed in 18.42025-03-31
CVE-2025-30426 [CRITICAL] CWE-200 CVE-2025-30426: This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPa
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to enumerate a user's installed apps.
cvelistv5nvd
CVE-2025-24230CRITICALCVSS 9.8fixed in 18.42025-03-31
CVE-2025-24230 [CRITICAL] CWE-125 CVE-2025-24230: An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Playing a malicious audio file may lead to an unexpected app termination.
cvelistv5nvd
CVE-2025-24264CRITICALCVSS 9.8fixed in 18.42025-03-31
CVE-2025-24264 [CRITICAL] CWE-400 CVE-2025-24264: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
cvelistv5nvd
CVE-2025-24211CRITICALCVSS 9.8fixed in 18.42025-03-31
CVE-2025-24211 [CRITICAL] CWE-400 CVE-2025-24211: This issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 1
This issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.
cvelistv5nvd
CVE-2025-31182CRITICALCVSS 9.8fixed in 18.42025-03-31
CVE-2025-31182 [CRITICAL] CWE-862 CVE-2025-31182: This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPa
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to delete files for which it does not have permission.
cvelistv5nvd
CVE-2025-31183CRITICALCVSS 9.8fixed in 18.42025-03-31
CVE-2025-31183 [CRITICAL] CWE-200 CVE-2025-31183: The issue was addressed with improved restriction of data container access. This issue is fixed in i
The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.
cvelistv5nvd
CVE-2025-24178CRITICALCVSS 9.8fixed in 18.42025-03-31
CVE-2025-24178 [CRITICAL] CVE-2025-24178: This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPad
This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to break out of its sandbox.
cvelistv5nvd
CVE-2025-24238CRITICALCVSS 9.8fixed in 18.42025-03-31
CVE-2025-24238 [CRITICAL] CWE-276 CVE-2025-24238: A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, m
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to gain elevated privileges.
cvelistv5nvd
CVE-2025-24190CRITICALCVSS 9.8fixed in 18.42025-03-31
CVE-2025-24190 [CRITICAL] CWE-400 CVE-2025-24190: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.
cvelistv5nvd
CVE-2025-24243HIGHCVSS 7.8fixed in 18.42025-03-31
CVE-2025-24243 [HIGH] CWE-94 CVE-2025-24243: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted file may lead to arbitrary code execution.
cvelistv5nvd
CVE-2025-30471HIGHCVSS 7.5fixed in 18.42025-03-31
CVE-2025-30471 [HIGH] CWE-20 CVE-2025-30471: A validation issue was addressed with improved logic. This issue is fixed in iOS 18.4 and iPadOS 18.
A validation issue was addressed with improved logic. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A remote user may be able to cause a denial-of-service.
cvelistv5nvd
CVE-2025-24213HIGHCVSS 7.8fixed in 18.4fixed in 18.52025-03-31
CVE-2025-24213 [HIGH] CWE-843 CVE-2025-24213: This issue was addressed with improved handling of floats. This issue is fixed in Safari 18.5, iOS 1
This issue was addressed with improved handling of floats. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A type confusion issue could lead to memory corruption.
cvelistv5nvd
CVE-2025-24209HIGHCVSS 7.0fixed in 18.42025-03-31
CVE-2025-24209 [HIGH] CWE-120 CVE-2025-24209: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 1
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash.
cvelistv5nvd
CVE-2025-24173HIGHCVSS 7.8fixed in 18.42025-03-31
CVE-2025-24173 [HIGH] CWE-284 CVE-2025-24173: This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPa
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox.
cvelistv5nvd
CVE-2025-30432MEDIUMCVSS 6.4fixed in 18.42025-03-31
CVE-2025-30432 [MEDIUM] CWE-287 CVE-2025-30432: A logic issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPad
A logic issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures.
cvelistv5nvd
CVE-2025-24216MEDIUMCVSS 4.3fixed in 18.42025-03-31
CVE-2025-24216 [MEDIUM] CWE-119 CVE-2025-24216: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
cvelistv5nvd
CVE-2025-24217MEDIUMCVSS 5.5fixed in 18.42025-03-31
CVE-2025-24217 [MEDIUM] CWE-200 CVE-2025-24217: This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.
cvelistv5nvd
CVE-2025-31191MEDIUMCVSS 5.5fixed in 18.42025-03-31
CVE-2025-31191 [MEDIUM] CWE-200 CVE-2025-31191: This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPad
This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.
cvelistv5nvd