{"cves":[{"cve_id":"CVE-2025-43210","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05987,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155"],"published_time":"2026-04-02T19:20:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43202","summary":"This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05351,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149"],"published_time":"2026-04-02T19:20:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28882","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02747,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28886","summary":"A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A user in a privileged network position may be able to cause a denial-of-service.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19251,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28894","summary":"A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A remote attacker may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00186,"ranking_epss":0.40443,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796"],"published_time":"2026-03-25T01:17:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28895","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05567,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792"],"published_time":"2026-03-25T01:17:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28870","summary":"An information leakage was addressed with additional validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01856,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28871","summary":"A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09999,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126800"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28874","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote attacker may cause an unexpected app termination.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.3434,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28875","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote attacker may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00127,"ranking_epss":0.3204,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28876","summary":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to access sensitive user data.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.1555,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28877","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00011,"ranking_epss":0.01429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28878","summary":"A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20027,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28879","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.11989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28880","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15398,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28859","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.118,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799","https://support.apple.com/en-us/126800"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28861","summary":"A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.1033,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126799","https://support.apple.com/en-us/126800"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28863","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07289,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28864","summary":"This issue was addressed with improved permissions checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A local attacker may gain access to user's Keychain items.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":9e-05,"ranking_epss":0.00955,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28865","summary":"An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position may be able to intercept network traffic.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.26018,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28866","summary":"This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05305,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28867","summary":"This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06338,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28868","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01744,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28852","summary":"A stack overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06557,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28855","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3. An app may be able to access protected user data.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11692,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348"],"published_time":"2026-03-25T01:17:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28856","summary":"The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08038,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28857","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11299,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126799","https://support.apple.com/en-us/126800"],"published_time":"2026-03-25T01:17:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28858","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memory.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00136,"ranking_epss":0.33338,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792"],"published_time":"2026-03-25T01:17:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28833","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.0245,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28822","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker may be able to cause unexpected app termination.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02625,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20692","summary":"A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. \"Hide IP Address\" and \"Block All Remote Content\" may not apply to all mail content.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12113,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796"],"published_time":"2026-03-25T01:17:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20694","summary":"This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":9e-05,"ranking_epss":0.00912,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796"],"published_time":"2026-03-25T01:17:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20698","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00011,"ranking_epss":0.01352,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20665","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00157,"ranking_epss":0.36504,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799","https://support.apple.com/en-us/126800"],"published_time":"2026-03-25T01:17:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20668","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01744,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796"],"published_time":"2026-03-25T01:17:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20686","summary":"This issue was addressed with improved input validation. This issue is fixed in iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.26023,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346"],"published_time":"2026-03-25T01:17:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20687","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or write kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01553,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798"],"published_time":"2026-03-25T01:17:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20688","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to break out of its sandbox.","cvss":9.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.3,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03352,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20690","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing an audio stream in a maliciously crafted media file may terminate the process.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.11957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20691","summary":"An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.1033,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799","https://support.apple.com/en-us/126800"],"published_time":"2026-03-25T01:17:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20637","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to cause unexpected system termination.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02625,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796"],"published_time":"2026-03-25T01:17:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20657","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5. Parsing a maliciously crafted file may lead to an unexpected app termination.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.1453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796"],"published_time":"2026-03-25T01:17:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20664","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11299,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126799","https://support.apple.com/en-us/126800"],"published_time":"2026-03-25T01:17:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43534","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2. A user with physical access to an iOS device may be able to bypass Activation Lock.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.0551,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/126793"],"published_time":"2026-03-25T01:17:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20643","summary":"A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may bypass Same Origin Policy.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.10783,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126604","https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126799","https://support.apple.com/en-us/126800","http://seclists.org/fulldisclosure/2026/Mar/10"],"published_time":"2026-03-17T23:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-43010","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15537,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120300","https://support.apple.com/en-us/120877","https://support.apple.com/en-us/120879","https://support.apple.com/en-us/126632","https://support.apple.com/en-us/126646","http://seclists.org/fulldisclosure/2026/Mar/1"],"published_time":"2026-03-12T01:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20677","summary":"A race condition was addressed with improved handling of symbolic links. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. A shortcut may be able to bypass sandbox restrictions.","cvss":9.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.0,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22394,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20678","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.01913,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347"],"published_time":"2026-02-11T23:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20680","summary":"The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. A sandboxed app may be able to access sensitive user data.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02672,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20682","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker may be able to discover a user’s deleted notes.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10617,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347"],"published_time":"2026-02-11T23:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20700","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00352,"ranking_epss":0.57661,"kev":true,"propose_action":"Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20700"],"published_time":"2026-02-11T23:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20667","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, watchOS 26.3. An app may be able to break out of its sandbox.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04683,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126352"],"published_time":"2026-02-11T23:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20671","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to intercept network traffic.","cvss":3.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.1,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.04205,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20673","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. Turning off \"Load remote content in messages” may not apply to all mail previews.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02884,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20674","summary":"A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05934,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346"],"published_time":"2026-02-11T23:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20675","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01752,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353","https://www.zerodayinitiative.com/advisories/ZDI-26-174/"],"published_time":"2026-02-11T23:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20676","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10572,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126354"],"published_time":"2026-02-11T23:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20652","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126354"],"published_time":"2026-02-11T23:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20653","summary":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02112,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20654","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02432,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20655","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01509,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347"],"published_time":"2026-02-11T23:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20656","summary":"A logic issue was addressed with improved validation. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3. An app may be able to access a user's Safari history.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01645,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126354"],"published_time":"2026-02-11T23:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20660","summary":"A path handling issue was addressed with improved logic. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. A remote user may be able to write arbitrary files.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126354","https://support.apple.com/en-us/126795"],"published_time":"2026-02-11T23:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20661","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05249,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347"],"published_time":"2026-02-11T23:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20663","summary":"The issue was resolved by sanitizing logging. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to enumerate a user's installed apps.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01633,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347"],"published_time":"2026-02-11T23:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20640","summary":"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with Mac.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05934,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346"],"published_time":"2026-02-11T23:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20641","summary":"A privacy issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to identify what other apps a user has installed.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20642","summary":"An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. A person with physical access to an iOS device may be able to access photos from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05401,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346"],"published_time":"2026-02-11T23:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20644","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.1347,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126354"],"published_time":"2026-02-11T23:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20645","summary":"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05249,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347"],"published_time":"2026-02-11T23:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20649","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3. A user may be able to view sensitive user information.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08128,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352"],"published_time":"2026-02-11T23:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20650","summary":"A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20737,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20626","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.0204,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20627","summary":"An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3, watchOS 26.3. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07649,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20628","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to break out of its sandbox.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00011,"ranking_epss":0.01282,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20634","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20635","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15212,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126354"],"published_time":"2026-02-11T23:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20636","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12475,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126354"],"published_time":"2026-02-11T23:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20638","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03185,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346"],"published_time":"2026-02-11T23:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20615","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08605,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20616","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termination.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19277,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126353","https://www.zerodayinitiative.com/advisories/ZDI-26-176/"],"published_time":"2026-02-11T23:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20617","summary":"A race condition was addressed with improved state handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to gain root privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.01959,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20621","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20605","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to crash a system process.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":9e-05,"ranking_epss":0.00798,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20606","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to bypass certain Privacy preferences.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02206,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20608","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02467,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126354"],"published_time":"2026-02-11T23:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20609","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02475,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20611","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01815,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353","https://www.zerodayinitiative.com/advisories/ZDI-26-173/"],"published_time":"2026-02-11T23:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46305","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.0109,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43537","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08213,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/126347"],"published_time":"2026-02-11T23:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46300","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.0109,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46301","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.0109,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46302","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.0109,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46303","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.0109,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46304","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01094,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46306","summary":"The issue was addressed with improved bounds checks. This issue is fixed in Keynote 15.1, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing a maliciously crafted Keynote file may disclose memory contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02486,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/126254"],"published_time":"2026-01-28T18:16:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46316","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in Pages 15.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. Processing a maliciously crafted Pages document may result in unexpected termination or disclosure of process memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/126255"],"published_time":"2026-01-28T18:16:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44238","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to corrupt coprocessor memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":7e-05,"ranking_epss":0.00585,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564"],"published_time":"2026-01-16T18:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54556","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":7e-05,"ranking_epss":0.00597,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563"],"published_time":"2026-01-16T18:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24089","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03016,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066"],"published_time":"2026-01-16T18:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24090","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":5e-05,"ranking_epss":0.00209,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066"],"published_time":"2026-01-16T18:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-50890","summary":"Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the device.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":8.7,"epss":0.00443,"ranking_epss":0.63354,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://apps.apple.com/us/app/owlfiles-file-manager/id510282524","https://www.exploit-db.com/exploits/51036","https://www.skyjos.com/","https://www.vulncheck.com/advisories/owlfiles-file-manager-path-traversal","https://www.exploit-db.com/exploits/51036"],"published_time":"2026-01-13T23:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-50891","summary":"Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary JavaScript in users' browsers.","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":5.0,"cvss_v4":5.1,"epss":0.00061,"ranking_epss":0.19067,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://apps.apple.com/us/app/owlfiles-file-manager/id510282524","https://www.exploit-db.com/exploits/51036","https://www.skyjos.com/","https://www.vulncheck.com/advisories/owlfiles-file-manager-cross-site-scripting-via-http-server","https://www.exploit-db.com/exploits/51036"],"published_time":"2026-01-13T23:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46286","summary":"A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12208,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884"],"published_time":"2026-01-09T22:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46298","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892"],"published_time":"2026-01-09T22:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46299","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06061,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892"],"published_time":"2026-01-09T22:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46288","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive payment tokens.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891"],"published_time":"2025-12-17T21:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46292","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04646,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885"],"published_time":"2025-12-17T21:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46277","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, watchOS 26.2. An app may be able to access a user’s Safari history.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04743,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125890"],"published_time":"2025-12-17T21:16:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46279","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. An app may be able to identify what other apps a user has installed.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07371,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891"],"published_time":"2025-12-17T21:16:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43533","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22223,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2025-12-17T21:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43535","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14359,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892"],"published_time":"2025-12-17T21:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43536","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24551,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125892"],"published_time":"2025-12-17T21:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43541","summary":"A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16676,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892"],"published_time":"2025-12-17T21:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43529","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00175,"ranking_epss":0.39005,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43529"],"published_time":"2025-12-17T21:16:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43531","summary":"A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":3.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.1,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37968,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892"],"published_time":"2025-12-17T21:16:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43501","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00107,"ranking_epss":0.28961,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892"],"published_time":"2025-12-17T21:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43475","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884"],"published_time":"2025-12-17T21:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43428","summary":"A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Photos in the Hidden Photos Album may be viewed without authentication.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0015,"ranking_epss":0.35529,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125891"],"published_time":"2025-12-17T21:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43511","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.24924,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892"],"published_time":"2025-12-12T21:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43520","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00273,"ranking_epss":0.50785,"kev":true,"propose_action":"Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43520"],"published_time":"2025-12-12T21:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43494","summary":"A mail header parsing issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An attacker may be able to cause a persistent denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00144,"ranking_epss":0.34716,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-12-12T21:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43510","summary":"A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may cause unexpected changes in memory shared between processes.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00511,"ranking_epss":0.66492,"kev":true,"propose_action":"Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43510"],"published_time":"2025-12-12T21:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43437","summary":"An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to fingerprint the user.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05784,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632"],"published_time":"2025-12-12T21:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-14174","summary":"Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01047,"ranking_epss":0.77536,"kev":true,"propose_action":"Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/466192044","https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14174"],"published_time":"2025-12-12T20:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31216","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. An attacker with physical access to a device may be able to override managed Wi-Fi profiles.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08211,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405"],"published_time":"2025-11-21T22:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43374","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13177,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722"],"published_time":"2025-11-21T22:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43205","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to bypass ASLR.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01505,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-11-12T01:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43418","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05739,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633"],"published_time":"2025-11-05T19:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-43000","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18675,"kev":true,"propose_action":"Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/120324","https://support.apple.com/en-us/120331","https://support.apple.com/en-us/120338","https://support.apple.com/en-us/126632","https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-43000"],"published_time":"2025-11-05T19:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43500","summary":"A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to access sensitive user data.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13306,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43502","summary":"A privacy issue was addressed by removing sensitive data. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. An app may be able to bypass certain Privacy preferences.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13646,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43503","summary":"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Visiting a malicious website may lead to user interface spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11588,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43507","summary":"A privacy issue was addressed by moving sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43480","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11568,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43493","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. Visiting a malicious website may lead to address bar spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10189,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43495","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to monitor keystrokes without user permission.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09758,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633"],"published_time":"2025-11-04T02:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43496","summary":"The issue was addressed by adding additional logic. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19876,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43498","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, visionOS 26.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01778,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43455","summary":"A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. A malicious app may be able to take a screenshot of sensitive information in embedded views.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01472,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43457","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14797,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43458","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27683,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43460","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06817,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632"],"published_time":"2025-11-04T02:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43462","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22232,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43443","summary":"This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20467,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43444","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to fingerprint the user.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14352,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43445","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14202,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43447","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.04115,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43448","summary":"This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to break out of its sandbox.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07713,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43449","summary":"The issue was addressed with improved handling of caches. This issue is fixed in iOS 26.1 and iPadOS 26.1. A malicious app may be able to track users between installs.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43450","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to learn information about the current camera view before being granted camera access.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13732,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43452","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26.1 and iPadOS 26.1. Keyboard suggestions may display sensitive information on the lock screen.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05578,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43454","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. A device may persistently fail to lock.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.12898,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43432","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14531,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43433","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20413,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43434","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14991,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43435","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14991,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43436","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to enumerate a user's installed apps.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12804,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43438","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14991,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43439","summary":"A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to fingerprint the user.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.0307,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43440","summary":"This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.1918,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43441","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14991,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43442","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to identify what other apps a user has installed.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02335,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43422","summary":"The issue was addressed by adding additional logic. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a device may be able to disable Stolen Device Protection.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06085,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43423","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, visionOS 26.1. An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging.","cvss":2.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.0,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.03868,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43424","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. A malicious HID device may cause an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07053,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43425","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14531,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43426","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05256,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43427","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19975,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43429","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18915,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43430","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26731,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43431","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20413,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43407","summary":"This issue was addressed with improved entitlements. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. An app may be able to break out of its sandbox.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02412,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43413","summary":"An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A sandboxed app may be able to observe system-wide network connections.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16577,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43419","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17189,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116"],"published_time":"2025-11-04T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43421","summary":"Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.1128,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43392","summary":"The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A website may exfiltrate image data cross-origin.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43398","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05308,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43379","summary":"This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to access protected user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06043,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43383","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14943,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43384","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14943,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43385","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14943,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43386","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43389","summary":"A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, visionOS 26.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.04963,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43391","summary":"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01472,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43365","summary":"A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26 and iPadOS 26. An unprivileged process may be able to terminate a root processes.","cvss":2.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.8,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05668,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125633"],"published_time":"2025-11-04T02:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43376","summary":"A logic issue was addressed with improved state management. This issue is fixed in Safari 26, iOS 18.7.7 and iPadOS 18.7.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00083,"ranking_epss":0.24162,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","https://support.apple.com/en-us/126793"],"published_time":"2025-11-04T02:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43360","summary":"The issue was addressed with improved UI. This issue is fixed in iOS 26 and iPadOS 26. Password fields may be unintentionally revealed.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.0399,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108"],"published_time":"2025-11-04T02:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43361","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A malicious app may be able to read kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.0405,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636"],"published_time":"2025-11-04T02:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43350","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker may be able to view restricted content from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05978,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632"],"published_time":"2025-11-04T02:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43345","summary":"A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01665,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116"],"published_time":"2025-11-04T02:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43338","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Sonoma 14.8.4, macOS Tahoe 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05515,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/126350"],"published_time":"2025-11-04T02:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43323","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to fingerprint the user.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10617,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116"],"published_time":"2025-11-04T02:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43309","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.0819,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108"],"published_time":"2025-11-04T02:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43282","summary":"A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02467,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155"],"published_time":"2025-10-15T20:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43280","summary":"The issue was resolved by not loading remote images. This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08488,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147"],"published_time":"2025-10-15T20:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43400","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.1 and iPadOS 18.7.1, iOS 26.0.1 and iPadOS 26.0.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, tvOS 26.1, visionOS 26.0.1, watchOS 26.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00149,"ranking_epss":0.35402,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125326","https://support.apple.com/en-us/125327","https://support.apple.com/en-us/125328","https://support.apple.com/en-us/125329","https://support.apple.com/en-us/125330","https://support.apple.com/en-us/125338","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125639","http://seclists.org/fulldisclosure/2025/Sep/73","http://seclists.org/fulldisclosure/2025/Sep/76","http://seclists.org/fulldisclosure/2025/Sep/78"],"published_time":"2025-09-29T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43362","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An app may be able to monitor keystrokes without user permission.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.24933,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/50"],"published_time":"2025-09-15T23:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43368","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16984,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/59","http://www.openwall.com/lists/oss-security/2025/09/22/3"],"published_time":"2025-09-15T23:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43372","summary":"The issue was addressed with improved input validation. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13159,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","https://support.apple.com/en-us/125636","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43349","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted video file may lead to unexpected app termination.","cvss":2.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.8,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03513,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43354","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02933,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43355","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02913,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43356","summary":"The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A website may be able to access sensor information without user consent.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17565,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/59","http://www.openwall.com/lists/oss-security/2025/09/22/3"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43357","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26. An app may be able to fingerprint the user.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03508,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43358","summary":"A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A shortcut may be able to bypass sandbox restrictions.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02826,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43359","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A UDP server socket bound to a local interface may become bound to all interfaces.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.32216,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43342","summary":"A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00332,"ranking_epss":0.56124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/59","http://www.openwall.com/lists/oss-security/2025/09/22/3"],"published_time":"2025-09-15T23:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43343","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37942,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/59","http://www.openwall.com/lists/oss-security/2025/10/13/4","https://access.redhat.com/errata/RHSA-2025:19946","https://security-tracker.debian.org/tracker/CVE-2025-43343","https://ubuntu.com/security/CVE-2025-43343","https://webkitgtk.org/security/WSA-2025-0007.html"],"published_time":"2025-09-15T23:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43344","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to cause unexpected system termination.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05794,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43346","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03068,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43347","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An input validation issue was addressed.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00175,"ranking_epss":0.38998,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43329","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, watchOS 26. An app may be able to break out of its sandbox.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57"],"published_time":"2025-09-15T23:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43317","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.0169,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43299","summary":"A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06404,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","http://seclists.org/fulldisclosure/2025/Sep/50","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55"],"published_time":"2025-09-15T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43302","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02913,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/50","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43303","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02444,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43295","summary":"A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03449,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","http://seclists.org/fulldisclosure/2025/Sep/50","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55"],"published_time":"2025-09-15T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43272","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00072,"ranking_epss":0.21978,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/59","http://www.openwall.com/lists/oss-security/2025/09/22/3"],"published_time":"2025-09-15T23:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43190","summary":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02321,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43203","summary":"The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.03973,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/50"],"published_time":"2025-09-15T23:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30468","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 26 and iPadOS 26. Private Browsing tabs may be accessed without authentication.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","http://seclists.org/fulldisclosure/2025/Sep/49"],"published_time":"2025-09-15T23:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31254","summary":"This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to unexpected URL redirection.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10166,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125113","http://seclists.org/fulldisclosure/2025/Sep/59"],"published_time":"2025-09-15T23:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31255","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, watchOS 26. An app may be able to access sensitive user data.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00112,"ranking_epss":0.2969,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55","http://seclists.org/fulldisclosure/2025/Sep/57"],"published_time":"2025-09-15T23:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43300","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.","cvss":10.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":10.0,"cvss_v4":null,"epss":0.02406,"ranking_epss":0.85104,"kev":true,"propose_action":"Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/124925","https://support.apple.com/en-us/124926","https://support.apple.com/en-us/124927","https://support.apple.com/en-us/124928","https://support.apple.com/en-us/124929","https://support.apple.com/en-us/125141","https://support.apple.com/en-us/125142","http://seclists.org/fulldisclosure/2025/Sep/10","http://seclists.org/fulldisclosure/2025/Sep/14","http://seclists.org/fulldisclosure/2025/Sep/52","https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-43300.md","https://github.com/cisagov/vulnrichment/issues/201","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43300"],"published_time":"2025-08-21T01:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43265","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose internal states of the app.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07596,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/37","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43230","summary":"The issue was addressed with additional permissions checks. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to access user-sensitive data.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06843,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43234","summary":"Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted texture may lead to unexpected app termination.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00232,"ranking_epss":0.46098,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43220","summary":"This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0023,"ranking_epss":0.45834,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/33","http://seclists.org/fulldisclosure/2025/Jul/34"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43221","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05073,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43222","summary":"A use-after-free issue was addressed by removing the vulnerable code. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected app termination.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00123,"ranking_epss":0.3142,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/33","http://seclists.org/fulldisclosure/2025/Jul/34"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43223","summary":"A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. A non-privileged user may be able to modify restricted network settings.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00194,"ranking_epss":0.41371,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/33","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43224","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05073,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43225","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05351,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/33","http://seclists.org/fulldisclosure/2025/Jul/34"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43226","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07774,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/33","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43227","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose sensitive user information.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00214,"ranking_epss":0.43957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43228","summary":"The issue was addressed with improved UI. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6. Visiting a malicious website may lead to address bar spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18412,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124152","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43209","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00205,"ranking_epss":0.42714,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/33","http://seclists.org/fulldisclosure/2025/Jul/34","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43211","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing web content may lead to a denial-of-service.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06156,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43212","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00127,"ranking_epss":0.32006,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43213","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00164,"ranking_epss":0.37419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43214","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00218,"ranking_epss":0.4447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/36"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43216","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00153,"ranking_epss":0.36062,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43217","summary":"The issue was addressed by adding additional logic. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Privacy Indicators for microphone or camera access may not be correctly displayed.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08279,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/31"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31279","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to fingerprint the user.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28578,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/33","http://seclists.org/fulldisclosure/2025/Jul/34"],"published_time":"2025-07-30T00:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31281","summary":"An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00162,"ranking_epss":0.37074,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43186","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Parsing a file may lead to an unexpected app termination.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00238,"ranking_epss":0.46923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/33","http://seclists.org/fulldisclosure/2025/Jul/34","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24224","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.9, macOS Sequoia 15.5, macOS Ventura 13.7.7, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may be able to cause unexpected system termination.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00365,"ranking_epss":0.58546,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124151","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/34"],"published_time":"2025-07-30T00:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31229","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may be read aloud by VoiceOver.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00115,"ranking_epss":0.30067,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","http://seclists.org/fulldisclosure/2025/Jul/30"],"published_time":"2025-07-30T00:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31273","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.34253,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31276","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18425,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","http://seclists.org/fulldisclosure/2025/Jul/31"],"published_time":"2025-07-30T00:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31277","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00176,"ranking_epss":0.39143,"kev":true,"propose_action":"Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277"],"published_time":"2025-07-30T00:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31278","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00142,"ranking_epss":0.34449,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-6558","summary":"Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37984,"kev":true,"propose_action":"Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/427162086","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/37","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6558"],"published_time":"2025-07-15T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43200","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, visionOS 2.3.1, watchOS 11.3.1. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"cvss_v4":null,"epss":0.00902,"ranking_epss":0.75733,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/122173","https://support.apple.com/en-us/122174","https://support.apple.com/en-us/122345","https://support.apple.com/en-us/122346","https://support.apple.com/en-us/122900","https://support.apple.com/en-us/122901","https://support.apple.com/en-us/122902","https://support.apple.com/en-us/122903","https://support.apple.com/en-us/122904","https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43200"],"published_time":"2025-06-16T22:16:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30466","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. A website may be able to bypass Same Origin Policy.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00178,"ranking_epss":0.39438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379"],"published_time":"2025-05-29T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31199","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.8.2, visionOS 2.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26536,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/125636"],"published_time":"2025-05-29T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31185","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00164,"ranking_epss":0.37389,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066"],"published_time":"2025-05-19T16:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31262","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00088,"ranking_epss":0.25104,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073"],"published_time":"2025-05-19T16:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24184","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27033,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073"],"published_time":"2025-05-19T16:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24189","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00912,"ranking_epss":0.75893,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122074","http://www.openwall.com/lists/oss-security/2025/08/02/1"],"published_time":"2025-05-19T16:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31251","summary":"The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23944,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31253","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio being silenced.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00244,"ranking_epss":0.47774,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","http://seclists.org/fulldisclosure/2025/May/5"],"published_time":"2025-05-12T22:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31257","summary":"This issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00799,"ranking_epss":0.74079,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31238","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.0126,"ranking_epss":0.79442,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31239","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to an unexpected app termination.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00598,"ranking_epss":0.6944,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31241","summary":"A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may cause an unexpected app termination.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00845,"ranking_epss":0.74824,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31242","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Sonoma 14.7.6, macOS Ventura 13.7.3, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23944,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31245","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31223","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00522,"ranking_epss":0.66915,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31225","summary":"A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps may still appear in spotlight search results.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00259,"ranking_epss":0.49311,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","http://seclists.org/fulldisclosure/2025/May/5"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31226","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted image may lead to a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18932,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31227","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access a deleted call recording.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34551,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","http://seclists.org/fulldisclosure/2025/May/5"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31228","summary":"The issue was addressed with improved authentication. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. An attacker with physical access to a device may be able to access notes from the lock screen.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.0014,"ranking_epss":0.34234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31233","summary":"The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.0051,"ranking_epss":0.66452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31234","summary":"The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00523,"ranking_epss":0.66957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31235","summary":"A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20963,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31209","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to disclosure of user information.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00528,"ranking_epss":0.67198,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31210","summary":"The issue was addressed with improved UI. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00307,"ranking_epss":0.54004,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31212","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.2206,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31213","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to access associated usernames and websites in a user's iCloud Keychain.","cvss":7.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.6,"cvss_v4":null,"epss":0.00489,"ranking_epss":0.65586,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31214","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00268,"ranking_epss":0.50367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","http://seclists.org/fulldisclosure/2025/May/5"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31215","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01121,"ranking_epss":0.7828,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31217","summary":"The issue was addressed with improved input validation. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00759,"ranking_epss":0.73371,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31219","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.005,"ranking_epss":0.65989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31220","summary":"A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A malicious app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.23466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31221","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may be able to leak memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00764,"ranking_epss":0.73478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31222","summary":"A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A user may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30448","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, visionOS 2.5. An attacker may be able to turn on sharing of an iCloud folder without authentication.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00542,"ranking_epss":0.67731,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122721","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31196","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21173,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31204","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00666,"ranking_epss":0.71282,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31205","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A malicious website may exfiltrate data cross-origin.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37939,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31206","summary":"A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.01111,"ranking_epss":0.78183,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31207","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.00117,"ranking_epss":0.30383,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","http://seclists.org/fulldisclosure/2025/May/5"],"published_time":"2025-05-12T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31208","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to an unexpected app termination.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01028,"ranking_epss":0.7734,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24223","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.0023,"ranking_epss":0.45902,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24225","summary":"An injection issue was addressed with improved input validation. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. Processing an email may lead to user interface spoofing.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00181,"ranking_epss":0.39802,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","http://seclists.org/fulldisclosure/2025/May/6"],"published_time":"2025-05-12T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30436","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00387,"ranking_epss":0.59887,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371"],"published_time":"2025-05-12T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24111","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122405","http://seclists.org/fulldisclosure/2025/May/6"],"published_time":"2025-05-12T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24144","summary":"An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to leak sensitive kernel state.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00157,"ranking_epss":0.36492,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24220","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.9. An app may be able to read a persistent device identifier.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00077,"ranking_epss":0.22901,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/124148","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/May/6"],"published_time":"2025-05-12T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24091","summary":"An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00259,"ranking_epss":0.49297,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121838","https://support.apple.com/en-us/122066"],"published_time":"2025-04-30T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31202","summary":"A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.2089,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31203","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may be able to cause a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00195,"ranking_epss":0.41487,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24179","summary":"A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to cause a denial-of-service.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.4873,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24206","summary":"An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26158,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24251","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may cause an unexpected app termination.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00228,"ranking_epss":0.45575,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24252","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00101,"ranking_epss":0.27752,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","https://github.com/cakescats/airborn-IOS-CVE-2025-24252/blob/main/airborn_arts_CVE-2025-24252_extractor.sh"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24270","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to leak sensitive user information.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0013,"ranking_epss":0.325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24271","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without pairing.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00218,"ranking_epss":0.44486,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30445","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00195,"ranking_epss":0.41487,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31197","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35694,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31200","summary":"A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02105,"ranking_epss":0.84112,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/122282","https://support.apple.com/en-us/122400","https://support.apple.com/en-us/122401","https://support.apple.com/en-us/122402","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/Apr/26","http://seclists.org/fulldisclosure/2025/Jun/14","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/Oct/0","http://seclists.org/fulldisclosure/2025/Oct/4","https://blog.noahhw.dev/posts/cve-2025-31200/","https://news.ycombinator.com/item?id=44161894","https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201/blob/main/Remote%20Crypto%20Attack%20Chain%20.md","https://github.com/cisagov/vulnrichment/issues/200","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31200"],"published_time":"2025-04-16T19:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31201","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02313,"ranking_epss":0.84796,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/122282","https://support.apple.com/en-us/122400","https://support.apple.com/en-us/122401","https://support.apple.com/en-us/122402","http://seclists.org/fulldisclosure/2025/Apr/26","http://seclists.org/fulldisclosure/2025/Jun/14","http://seclists.org/fulldisclosure/2025/Oct/0","http://seclists.org/fulldisclosure/2025/Oct/3","http://seclists.org/fulldisclosure/2025/Oct/4","https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201/blob/main/Remote%20Crypto%20Attack%20Chain%20.md","https://github.com/cisagov/vulnrichment/issues/200","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31201"],"published_time":"2025-04-16T19:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42970","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00467,"ranking_epss":0.64499,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120330","https://support.apple.com/en-us/120947","https://support.apple.com/en-us/120948","https://support.apple.com/en-us/120949","https://support.apple.com/en-us/120950"],"published_time":"2025-04-11T15:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42973","summary":"Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and iPadOS 17. The issue was addressed with improved UI.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17885,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120949"],"published_time":"2025-04-11T15:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38614","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive user data.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00125,"ranking_epss":0.31701,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120949","https://support.apple.com/en-us/120950"],"published_time":"2025-04-11T15:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42875","summary":"Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00289,"ranking_epss":0.52395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120330","https://support.apple.com/en-us/120947","https://support.apple.com/en-us/120948","https://support.apple.com/en-us/120949","https://support.apple.com/en-us/120950"],"published_time":"2025-04-11T15:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42961","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. A sandboxed process may be able to circumvent sandbox restrictions.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00375,"ranking_epss":0.59181,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120328","https://support.apple.com/en-us/120329","https://support.apple.com/en-us/120337","https://support.apple.com/en-us/120949","https://support.apple.com/en-us/120950"],"published_time":"2025-04-11T15:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42969","summary":"An app may be able to break out of its sandbox. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. The issue was addressed with improved handling of caches.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20353,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120328","https://support.apple.com/en-us/120329","https://support.apple.com/en-us/120337","https://support.apple.com/en-us/120949","https://support.apple.com/en-us/120950"],"published_time":"2025-04-11T15:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31191","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00092,"ranking_epss":0.25705,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9","https://www.microsoft.com/en-us/security/blog/2025/05/01/analyzing-cve-2025-31191-a-macos-security-scoped-bookmarks-based-sandbox-escape/"],"published_time":"2025-03-31T23:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31192","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00239,"ranking_epss":0.47038,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30469","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00101,"ranking_epss":0.27905,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","http://seclists.org/fulldisclosure/2025/Apr/4"],"published_time":"2025-03-31T23:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30470","summary":"A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30471","summary":"A validation issue was addressed with improved logic. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A remote user may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00989,"ranking_epss":0.76912,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31182","summary":"This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to delete files for which it does not have permission.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00704,"ranking_epss":0.72134,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31183","summary":"The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00717,"ranking_epss":0.7244,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31184","summary":"This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. An app may gain unauthorized access to Local Network.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26588,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30456","summary":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30463","summary":"The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22192,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30465","summary":"A permissions issue was addressed with improved validation. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sequoia 15.7.2, macOS Sonoma 14.7.5, macOS Sonoma 14.8.2, macOS Tahoe 26.1, macOS Ventura 13.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00499,"ranking_epss":0.65954,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30467","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, watchOS 11.4. Visiting a malicious website may lead to address bar spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00307,"ranking_epss":0.53948,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30447","summary":"The issue was resolved by sanitizing logging. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30454","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. A malicious app may be able to access private information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27639,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30427","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.01119,"ranking_epss":0.7826,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30428","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Photos in the Hidden Photos Album may be viewed without authentication.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26132,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30429","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00109,"ranking_epss":0.29111,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30430","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. Password autofill may fill in passwords after failing authentication.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00515,"ranking_epss":0.66661,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30432","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures.","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"cvss_v4":null,"epss":0.00411,"ranking_epss":0.61437,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30433","summary":"This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00627,"ranking_epss":0.70265,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30434","summary":"The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.4 and iPadOS 18.4. Processing a maliciously crafted file may lead to a cross site scripting attack.","cvss":5.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.0,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","http://seclists.org/fulldisclosure/2025/Apr/4"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30438","summary":"This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00072,"ranking_epss":0.2183,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9","https://support.apple.com/en-us/122376"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30439","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.408,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24283","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.25913,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30425","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. A malicious website may be able to track users in Safari private browsing mode.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00399,"ranking_epss":0.60674,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30426","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to enumerate a user's installed apps.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00833,"ranking_epss":0.74633,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24264","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01384,"ranking_epss":0.80342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-31T23:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24257","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination or write kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00091,"ranking_epss":0.25624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24238","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to gain elevated privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00808,"ranking_epss":0.7424,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24243","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.2677,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24244","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24230","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Playing a malicious audio file may lead to an unexpected app termination.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00773,"ranking_epss":0.73625,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24237","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02455,"ranking_epss":0.85237,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24211","summary":"This issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00773,"ranking_epss":0.73625,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24212","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00109,"ranking_epss":0.29111,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24213","summary":"This issue was addressed with improved handling of floats. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A type confusion issue could lead to memory corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00126,"ranking_epss":0.31858,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24214","summary":"A privacy issue was addressed by not logging contents of text fields. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24215","summary":"The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.25008,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24216","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00821,"ranking_epss":0.74451,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24217","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26405,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24221","summary":"This issue was addressed with improved data access restriction. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, visionOS 2.4. Sensitive keychain data may be accessible from an iOS backup.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00419,"ranking_epss":0.61942,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24198","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.00204,"ranking_epss":0.42621,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24202","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00083,"ranking_epss":0.24291,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24205","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24208","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00315,"ranking_epss":0.54637,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-31T23:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24209","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.02557,"ranking_epss":0.85535,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-31T23:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24210","summary":"A logic error was addressed with improved error handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Parsing an image may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16292,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24180","summary":"The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00396,"ranking_epss":0.60454,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24182","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27639,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24190","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00773,"ranking_epss":0.73625,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24192","summary":"A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. Visiting a website may leak sensitive data.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00323,"ranking_epss":0.55383,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24193","summary":"This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker with a USB-C connection to an unlocked device may be able to programmatically access photos.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.23449,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","http://seclists.org/fulldisclosure/2025/Apr/4"],"published_time":"2025-03-31T23:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24194","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may result in the disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01074,"ranking_epss":0.77806,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24095","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4. An app may be able to bypass Privacy preferences.","cvss":7.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.6,"cvss_v4":null,"epss":0.00196,"ranking_epss":0.41578,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/4"],"published_time":"2025-03-31T23:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24097","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to read arbitrary file metadata.","cvss":5.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.0,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122405","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9","http://seclists.org/fulldisclosure/2025/May/6"],"published_time":"2025-03-31T23:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24167","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, watchOS 11.4. A download's origin may be incorrectly associated.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00626,"ranking_epss":0.70256,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24173","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19128,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24178","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to break out of its sandbox.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00666,"ranking_epss":0.71276,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54551","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing web content may lead to a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00504,"ranking_epss":0.66204,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-21T00:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54564","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, visionOS 1.3. A file received from AirDrop may not have the quarantine flag applied.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00144,"ranking_epss":0.34677,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120915"],"published_time":"2025-03-21T00:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44276","summary":"This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.0007,"ranking_epss":0.2158,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837"],"published_time":"2025-03-17T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54525","summary":"A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01656,"ranking_epss":0.82079,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845"],"published_time":"2025-03-17T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24201","summary":"An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).","cvss":10.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":10.0,"cvss_v4":null,"epss":0.00295,"ranking_epss":0.52889,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/122281","https://support.apple.com/en-us/122283","https://support.apple.com/en-us/122284","https://support.apple.com/en-us/122285","https://support.apple.com/en-us/122345","https://support.apple.com/en-us/122346","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122376","http://seclists.org/fulldisclosure/2025/Apr/16","http://seclists.org/fulldisclosure/2025/Apr/7","http://seclists.org/fulldisclosure/2025/Jun/19","http://seclists.org/fulldisclosure/2025/Mar/2","http://seclists.org/fulldisclosure/2025/Mar/3","http://seclists.org/fulldisclosure/2025/Mar/4","http://seclists.org/fulldisclosure/2025/Mar/5","http://seclists.org/fulldisclosure/2025/Oct/1","http://seclists.org/fulldisclosure/2025/Oct/31","https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201","https://github.com/cisagov/vulnrichment/issues/194","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24201"],"published_time":"2025-03-11T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-43454","summary":"A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/102741","https://support.apple.com/en-us/102807","https://support.apple.com/en-us/102808","https://support.apple.com/en-us/102836"],"published_time":"2025-03-10T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-48610","summary":"This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.11086,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/102741","https://support.apple.com/en-us/102807","https://support.apple.com/en-us/102808"],"published_time":"2025-03-10T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44227","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00293,"ranking_epss":0.52715,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121250"],"published_time":"2025-03-10T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54467","summary":"A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.3075,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121241","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-10T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54469","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. A local user may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15149,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250"],"published_time":"2025-03-10T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54558","summary":"A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library.","cvss":2.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.8,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10049,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121250"],"published_time":"2025-03-10T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54560","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, watchOS 11. A malicious app may be able to modify other apps without having App Management permission.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121250"],"published_time":"2025-03-10T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44179","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a device may be able to read contact numbers from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00144,"ranking_epss":0.34719,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121250"],"published_time":"2025-03-10T19:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24200","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.47285,"ranking_epss":0.97699,"kev":true,"propose_action":"Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/122173","https://support.apple.com/en-us/122174","https://support.apple.com/en-us/122345","https://support.apple.com/en-us/122346","http://seclists.org/fulldisclosure/2025/Apr/7","http://seclists.org/fulldisclosure/2025/Feb/7","http://seclists.org/fulldisclosure/2025/Feb/8","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24200"],"published_time":"2025-02-10T19:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54658","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00217,"ranking_epss":0.44329,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120894","https://support.apple.com/en-us/120895"],"published_time":"2025-02-10T19:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27859","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00256,"ranking_epss":0.49075,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895"],"published_time":"2025-02-10T19:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24161","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.12882,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24162","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01179,"ranking_epss":0.78767,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122074","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/20","https://lists.debian.org/debian-lts-announce/2025/02/msg00014.html"],"published_time":"2025-01-27T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24163","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sequoia 15.4, macOS Sonoma 14.7.3, tvOS 18.3, tvOS 18.4, visionOS 2.3, visionOS 2.4, watchOS 11.3, watchOS 11.4. Parsing a file may lead to an unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.0762,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24177","summary":"A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker on the local network may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0022,"ranking_epss":0.44698,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15"],"published_time":"2025-01-27T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24149","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12048,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24150","summary":"A privacy issue was addressed with improved handling of files. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. Copying a URL from Web Inspector may lead to command injection.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00308,"ranking_epss":0.54054,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122074","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/20","https://lists.debian.org/debian-lts-announce/2025/02/msg00014.html"],"published_time":"2025-01-27T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24154","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, visionOS 2.3. An attacker may be able to cause unexpected system termination or corrupt kernel memory.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00305,"ranking_epss":0.53824,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17"],"published_time":"2025-01-27T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24158","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0086,"ranking_epss":0.75069,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122074","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/20","https://lists.debian.org/debian-lts-announce/2025/02/msg00014.html"],"published_time":"2025-01-27T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24159","summary":"A validation issue was addressed with improved logic. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19694,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24160","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42366,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24131","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to cause a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24137","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3. An attacker on the local network may corrupt process memory.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13066,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24141","summary":"An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3. An attacker with physical access to an unlocked device may be able to access Photos while the app is locked.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","http://seclists.org/fulldisclosure/2025/Jan/13"],"published_time":"2025-01-27T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24143","summary":"The issue was addressed with improved access restrictions to the file system. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00131,"ranking_epss":0.3257,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122074","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/20","https://lists.debian.org/debian-lts-announce/2025/02/msg00014.html"],"published_time":"2025-01-27T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24145","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. An app may be able to view a contact's phone number in system logs.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.21003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15"],"published_time":"2025-01-27T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24118","summary":"The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.27023,"ranking_epss":0.96383,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24123","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00177,"ranking_epss":0.39227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24124","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.0923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24126","summary":"An input validation issue was addressed. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to corrupt process memory.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00125,"ranking_epss":0.31724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24127","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3. Parsing a file may lead to an unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02514,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24128","summary":"The issue was addressed by adding additional logic. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. Visiting a malicious website may lead to address bar spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0014,"ranking_epss":0.34154,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122074","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/20"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24129","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may cause an unexpected app termination.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00114,"ranking_epss":0.29994,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24107","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3. A malicious app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02334,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24113","summary":"The issue was addressed with improved UI. This issue is fixed in Safari 18.3, Safari 18.4, iOS 18.3 and iPadOS 18.3, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sequoia 15.4, visionOS 2.3, visionOS 2.4, watchOS 11.4. Visiting a malicious website may lead to user interface spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00123,"ranking_epss":0.31469,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122074","https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/20"],"published_time":"2025-01-27T22:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24117","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, visionOS 2.3, watchOS 11.3. An app may be able to fingerprint the user.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02198,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/18"],"published_time":"2025-01-27T22:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24086","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing an image may lead to a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03672,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24102","summary":"The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to determine a user’s current location.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00167,"ranking_epss":0.37862,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17"],"published_time":"2025-01-27T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24104","summary":"This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a maliciously crafted backup file may lead to modification of protected system files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.03852,"ranking_epss":0.88214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","http://seclists.org/fulldisclosure/2025/Jan/14"],"published_time":"2025-01-27T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54541","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845"],"published_time":"2025-01-27T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54542","summary":"An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, watchOS 11.2. Private Browsing tabs may be accessed without authentication.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00178,"ranking_epss":0.39354,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121846"],"published_time":"2025-01-27T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54543","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34644,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","https://support.apple.com/en-us/122372","http://seclists.org/fulldisclosure/2025/Apr/5"],"published_time":"2025-01-27T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54550","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23942,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839"],"published_time":"2025-01-27T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24085","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.","cvss":10.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":10.0,"cvss_v4":null,"epss":0.14832,"ranking_epss":0.94532,"kev":true,"propose_action":"Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/9","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/19","http://seclists.org/fulldisclosure/2025/Jun/19","http://seclists.org/fulldisclosure/2025/Oct/1","http://seclists.org/fulldisclosure/2025/Oct/23","http://seclists.org/fulldisclosure/2025/Oct/30","http://seclists.org/fulldisclosure/2025/Oct/31","https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201","https://github.com/cisagov/vulnrichment/issues/194","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24085"],"published_time":"2025-01-27T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54517","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18388,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844"],"published_time":"2025-01-27T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54518","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844"],"published_time":"2025-01-27T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54522","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.1791,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844"],"published_time":"2025-01-27T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54523","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00161,"ranking_epss":0.3696,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844"],"published_time":"2025-01-27T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54530","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, visionOS 2.2, watchOS 11.2. Password autofill may fill in passwords after failing authentication.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00172,"ranking_epss":0.38618,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121845"],"published_time":"2025-01-27T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54468","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to break out of its sandbox.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14262,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54478","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.4, macOS Sequoia 15.2, macOS Sonoma 14.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00322,"ranking_epss":0.55308,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/122067","http://seclists.org/fulldisclosure/2025/Jan/14"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54488","summary":"A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Photos in the Hidden Photos Album may be viewed without authentication.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00209,"ranking_epss":0.43313,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54497","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.4, macOS Sequoia 15.2, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35337,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54499","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00173,"ranking_epss":0.38752,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54507","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An attacker with user privileges may be able to read kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00127,"ranking_epss":0.31972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54512","summary":"The issue was addressed by removing the relevant flags. This issue is fixed in iOS 18.2 and iPadOS 18.2, watchOS 11.2. A system binary could be used to fingerprint a user's Apple Account.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00101,"ranking_epss":0.27876,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121843"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54470","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contacts from the lock screen.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00132,"ranking_epss":0.32693,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121567"],"published_time":"2025-01-15T20:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54535","summary":"A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An attacker with access to calendar data could also read reminders.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00278,"ranking_epss":0.51243,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566"],"published_time":"2025-01-15T20:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27856","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a file may lead to unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906"],"published_time":"2025-01-15T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40771","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.1687,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906"],"published_time":"2025-01-15T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40839","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28618,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120905"],"published_time":"2025-01-15T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40854","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00241,"ranking_epss":0.47437,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121570"],"published_time":"2025-01-15T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44136","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00302,"ranking_epss":0.53613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120905"],"published_time":"2025-01-15T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54538","summary":"A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A remote attacker may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01986,"ranking_epss":0.8363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570"],"published_time":"2024-12-20T01:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54534","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0107,"ranking_epss":0.77764,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","https://support.apple.com/en-us/122372","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/13","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2025/Apr/5","https://security.netapp.com/advisory/ntap-20250418-0002/"],"published_time":"2024-12-12T02:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54503","summary":"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled.","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"cvss_v4":null,"epss":0.00122,"ranking_epss":0.31341,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","http://seclists.org/fulldisclosure/2024/Dec/5"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54505","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00587,"ranking_epss":0.69155,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/13","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","https://lists.debian.org/debian-lts-announce/2025/01/msg00002.html"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54508","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01383,"ranking_epss":0.80333,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","https://support.apple.com/en-us/122372","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/13","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2025/Apr/5","https://lists.debian.org/debian-lts-announce/2025/01/msg00002.html"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54510","summary":"A race condition was addressed with improved locking. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to leak sensitive kernel state.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.08947,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54513","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07081,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54514","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to break out of its sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13723,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54526","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. A malicious app may be able to access private information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00458,"ranking_epss":0.64017,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54527","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00108,"ranking_epss":0.29081,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54486","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00162,"ranking_epss":0.37177,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/8"],"published_time":"2024-12-12T02:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54492","summary":"This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00213,"ranking_epss":0.43882,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7"],"published_time":"2024-12-12T02:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54494","summary":"A race condition was addressed with additional validation. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An attacker may be able to create a read-only memory mapping that can be written to.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00211,"ranking_epss":0.43701,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/8"],"published_time":"2024-12-12T02:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54500","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08936,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54501","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted file may lead to a denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09253,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54502","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.07285,"ranking_epss":0.9168,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","https://support.apple.com/en-us/122372","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/13","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2025/Apr/5","https://lists.debian.org/debian-lts-announce/2025/01/msg00002.html"],"published_time":"2024-12-12T02:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54479","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.007,"ranking_epss":0.72034,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/13","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","https://lists.debian.org/debian-lts-announce/2025/01/msg00002.html"],"published_time":"2024-12-12T02:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54485","summary":"The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.16007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","http://seclists.org/fulldisclosure/2024/Dec/6"],"published_time":"2024-12-12T02:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44245","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, visionOS 2.2. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.04037,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/8"],"published_time":"2024-12-12T02:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44246","summary":"The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.31631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121846","http://seclists.org/fulldisclosure/2024/Dec/13","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7"],"published_time":"2024-12-12T02:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44290","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, watchOS 11.1. An app may be able to determine a user’s current location.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21709,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565"],"published_time":"2024-12-12T02:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44299","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00515,"ranking_epss":0.66669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564"],"published_time":"2024-12-12T02:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44200","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564"],"published_time":"2024-12-12T02:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44201","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iPadOS 17.7.3, macOS Sequoia 15.1, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Processing a malicious crafted file may lead to a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/8","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44212","summary":"A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.0018,"ranking_epss":0.39596,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121571"],"published_time":"2024-12-12T02:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44225","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05943,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/8"],"published_time":"2024-12-12T02:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44241","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00774,"ranking_epss":0.73645,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564"],"published_time":"2024-12-12T02:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44242","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00774,"ranking_epss":0.73645,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564"],"published_time":"2024-12-12T02:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44308","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01547,"ranking_epss":0.81437,"kev":true,"propose_action":"Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/121752","https://support.apple.com/en-us/121753","https://support.apple.com/en-us/121754","https://support.apple.com/en-us/121755","https://support.apple.com/en-us/121756","http://seclists.org/fulldisclosure/2024/Nov/16","https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-44308"],"published_time":"2024-11-20T00:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44309","summary":"A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.01274,"ranking_epss":0.7956,"kev":true,"propose_action":"Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/121752","https://support.apple.com/en-us/121753","https://support.apple.com/en-us/121754","https://support.apple.com/en-us/121755","https://support.apple.com/en-us/121756","http://seclists.org/fulldisclosure/2024/Nov/16","https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-44309"],"published_time":"2024-11-20T00:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44232","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35715,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570"],"published_time":"2024-11-01T21:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44233","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35715,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570"],"published_time":"2024-11-01T21:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44234","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35715,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570"],"published_time":"2024-11-01T21:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44240","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33899,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16"],"published_time":"2024-10-28T22:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44145","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10074,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121250"],"published_time":"2024-10-28T22:15:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44217","summary":"A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in iOS 18 and iPadOS 18. Password autofill may fill in passwords after failing authentication.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00342,"ranking_epss":0.56925,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250"],"published_time":"2024-10-28T22:15:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44302","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14718,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44278","summary":"An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1. A sandboxed app may be able to access sensitive user data in system logs.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17585,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/14","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44282","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a file may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00231,"ranking_epss":0.45948,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44285","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01372,"ranking_epss":0.80254,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121569","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44296","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00664,"ranking_epss":0.71236,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121571","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/19","http://seclists.org/fulldisclosure/2024/Oct/9","https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"],"published_time":"2024-10-28T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44255","summary":"A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A malicious app may be able to run arbitrary shortcuts without user consent.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17557,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44258","summary":"This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.01677,"ranking_epss":0.82201,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121569","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44259","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1. An attacker may be able to misuse a trust relationship to download malicious content.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00244,"ranking_epss":0.47759,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121571","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/19","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44261","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19286,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121567","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44263","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.1707,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44269","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1. A malicious app may use shortcuts to access restricted files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.04973,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/14","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44273","summary":"This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A malicious app may be able to access private information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14745,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44274","summary":"The issue was addressed with improved authentication. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00156,"ranking_epss":0.36341,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121567","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/14","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44277","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13139,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121569","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44215","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing an image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.0547,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44218","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06204,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44229","summary":"An information leakage was addressed with additional validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1. Private browsing may leak some browsing history.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00169,"ranking_epss":0.38095,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121571","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/19","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44235","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24663,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44239","summary":"An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. An app may be able to leak sensitive kernel state.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05709,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44244","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00279,"ranking_epss":0.51373,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121571","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/19","http://seclists.org/fulldisclosure/2024/Oct/9","https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44251","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21283,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44252","summary":"A logic issue was addressed with improved file handling. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121569","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44254","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, watchOS 11.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05492,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/14","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44123","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. A malicious app with root privileges may be able to access keyboard input and location information without user consent.","cvss":2.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.3,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121250"],"published_time":"2024-10-28T21:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44126","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7.1, visionOS 2. Processing a maliciously crafted file may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08417,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","https://support.apple.com/en-us/121568","http://seclists.org/fulldisclosure/2024/Oct/13"],"published_time":"2024-10-28T21:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44144","summary":"A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, visionOS 2, watchOS 11. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/12"],"published_time":"2024-10-28T21:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44155","summary":"A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, iOS 18 and iPadOS 18, macOS Sequoia 15, watchOS 11. Maliciously crafted web content may violate iframe sandboxing policy.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00137,"ranking_epss":0.33461,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121241","https://support.apple.com/en-us/121250","https://support.apple.com/en-us/121567","http://seclists.org/fulldisclosure/2024/Oct/10"],"published_time":"2024-10-28T21:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44194","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/14","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40851","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contact photos from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00167,"ranking_epss":0.37912,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40853","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to use Siri to enable Auto-Answer Calls.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00173,"ranking_epss":0.38722,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250"],"published_time":"2024-10-28T21:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40867","summary":"A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox.","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.01599,"ranking_epss":0.81725,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44185","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"],"published_time":"2024-10-24T17:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44205","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A sandboxed app may be able to access sensitive user data in system logs.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.23474,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912"],"published_time":"2024-10-24T17:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44206","summary":"An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A user may be able to bypass some web content restrictions.","cvss":9.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.3,"cvss_v4":null,"epss":0.00465,"ranking_epss":0.6442,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Nov/6"],"published_time":"2024-10-24T17:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44204","summary":"A logic issue was addressed with improved validation. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. A user's saved passwords may be read aloud by VoiceOver.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01959,"ranking_epss":0.83529,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121373","http://seclists.org/fulldisclosure/2024/Oct/1"],"published_time":"2024-10-04T00:15:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44207","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.07524,"ranking_epss":0.91826,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121373","http://seclists.org/fulldisclosure/2024/Oct/1"],"published_time":"2024-10-04T00:15:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44187","summary":"A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00539,"ranking_epss":0.67631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121241","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/37","https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"],"published_time":"2024-09-17T00:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44191","summary":"This issue was addressed through improved state management. This issue is fixed in Xcode 16, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. An app may gain unauthorized access to Bluetooth.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06506,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121239","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/39"],"published_time":"2024-09-17T00:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44198","summary":"An integer overflow was addressed through improved input validation. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11261,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36"],"published_time":"2024-09-17T00:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44202","summary":"An authentication issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00388,"ranking_epss":0.59922,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121241","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44164","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to bypass Privacy preferences.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05193,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44165","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. Network traffic may leak outside a VPN tunnel.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00375,"ranking_epss":0.59181,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44167","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. An app may be able to overwrite arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00226,"ranking_epss":0.45392,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44169","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29394,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44170","summary":"A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, watchOS 11. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18201,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/35"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44171","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, watchOS 11. An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23908,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/35","http://seclists.org/fulldisclosure/2024/Sep/39"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44176","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. Processing an image may lead to a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00321,"ranking_epss":0.55191,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44180","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00167,"ranking_epss":0.37912,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44183","summary":"A logic error was addressed with improved error handling. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06532,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44184","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12754,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44131","summary":"This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0017,"ranking_epss":0.38186,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33"],"published_time":"2024-09-17T00:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44147","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19261,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44158","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. A shortcut may output sensitive user data without consent.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11715,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40844","summary":"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to observe data displayed to the user by Shortcuts.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40850","summary":"A file access issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07743,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40852","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00145,"ranking_epss":0.34838,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40856","summary":"An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18. An attacker may be able to force a device to disconnect from a secure network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00135,"ranking_epss":0.33202,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/34"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40857","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to universal cross site scripting.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35803,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121241","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/37"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40863","summary":"This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20187,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44124","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A malicious Bluetooth input device may bypass pairing.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02095,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44127","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00136,"ranking_epss":0.33339,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/39"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27876","summary":"A race condition was addressed with improved locking. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.12854,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27879","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00164,"ranking_epss":0.37388,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/39"],"published_time":"2024-09-17T00:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27880","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, tvOS 18, visionOS 2, watchOS 11. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04743,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40"],"published_time":"2024-09-17T00:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40791","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access information about a user's contacts.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06978,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40826","summary":"A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13269,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33"],"published_time":"2024-09-17T00:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40830","summary":"This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to enumerate a user's installed apps.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.0007,"ranking_epss":0.21444,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40840","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20212,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27869","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00134,"ranking_epss":0.33112,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33"],"published_time":"2024-09-17T00:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27874","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00189,"ranking_epss":0.40728,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40829","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Ventura 13.6.8, watchOS 10.6. An attacker may be able to view restricted content from the lock screen.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00294,"ranking_epss":0.52766,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/21","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40833","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.11961,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120"],"published_time":"2024-07-29T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40835","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the user.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.1384,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40836","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the user.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40805","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.01965,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40806","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12559,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40809","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, visionOS 1.3, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06359,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40812","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, visionOS 1.3, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05014,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40813","summary":"A lock screen issue was addressed with improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28778,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/21","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40815","summary":"A race condition was addressed with additional validation. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, watchOS 10.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.07151,"ranking_epss":0.91581,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40818","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34658,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/21","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40822","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. An attacker with physical access to a device may be able to access contacts from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.0013,"ranking_epss":0.32521,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40824","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01835,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40786","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Ventura 13.6.8. An attacker may be able to view sensitive user information.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00203,"ranking_epss":0.42475,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120912","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/19","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214120","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214120"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40787","summary":"This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.04986,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40788","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. A local attacker may be able to cause unexpected system shutdown.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08198,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40789","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00696,"ranking_epss":0.71966,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214121","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40793","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03136,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40794","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Private Browsing tabs may be accessed without authentication.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00515,"ranking_epss":0.66648,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214121"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40795","summary":"This issue was addressed with improved data protection. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06769,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40796","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Private browsing may leak some browsing history.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.0025,"ranking_epss":0.48343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40798","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to read Safari's browsing history.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06769,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40799","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08832,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27884","summary":"This issue was addressed with a new entitlement. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05709,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40774","summary":"A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40776","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00348,"ranking_epss":0.57371,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40777","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0026,"ranking_epss":0.4945,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40778","summary":"An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Photos in the Hidden Photos Album may be viewed without authentication.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06155,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40779","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07737,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40780","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00088,"ranking_epss":0.25195,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40782","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00389,"ranking_epss":0.60066,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40784","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04425,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40785","summary":"This issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to a cross site scripting attack.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00637,"ranking_epss":0.7053,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27823","summary":"A race condition was addressed with improved locking. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.3, watchOS 10.5. An attacker in a privileged network position may be able to spoof network packets.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00185,"ranking_epss":0.40255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120915","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214123","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214123"],"published_time":"2024-07-29T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27826","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.6, macOS Sonoma 14.5, macOS Ventura 13.6.8, tvOS 17.5, visionOS 1.3, watchOS 10.5. A local attacker may be able to cause unexpected system shutdown.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120915","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214123","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214123"],"published_time":"2024-07-29T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27863","summary":"An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A local attacker may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06359,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27871","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. An app may be able to access protected user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.10807,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119"],"published_time":"2024-07-29T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27873","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Processing a maliciously crafted video file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01599,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120"],"published_time":"2024-07-29T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40396","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00243,"ranking_epss":0.47675,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940"],"published_time":"2024-07-29T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40398","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.4, macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A sandboxed process may be able to circumvent sandbox restrictions.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00146,"ranking_epss":0.35039,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677"],"published_time":"2024-07-29T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42925","summary":"The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access Notes attachments.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.32174,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940"],"published_time":"2024-07-29T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42949","summary":"This issue was addressed with improved data protection. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to access edited photos saved to a temporary directory.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00142,"ranking_epss":0.34502,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940"],"published_time":"2024-07-29T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42957","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24865,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940"],"published_time":"2024-07-29T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27832","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33852,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27833","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01223,"ranking_epss":0.7913,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214103","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27836","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00123,"ranking_epss":0.31465,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27838","summary":"The issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. A maliciously crafted webpage may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0089,"ranking_epss":0.75569,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27840","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03736,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27845","summary":"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.5 and iPadOS 17.5. An app may be able to access Notes attachments.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.34383,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214101","https://support.apple.com/kb/HT214101"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27848","summary":"This issue was addressed with improved permissions checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. A malicious app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13313,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214106"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27850","summary":"This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. A maliciously crafted webpage may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01058,"ranking_epss":0.77651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214103","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27851","summary":"The issue was addressed with improved bounds checks. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00982,"ranking_epss":0.76829,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27855","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. A shortcut may be able to use sensitive data with certain actions without prompting the user.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00455,"ranking_epss":0.63886,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27857","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01086,"ranking_epss":0.77929,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27806","summary":"This issue was addressed with improved environment sanitization. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27807","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5. An app may be able to circumvent App Privacy Report logging.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00108,"ranking_epss":0.29011,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27808","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00822,"ranking_epss":0.74466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27811","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00112,"ranking_epss":0.29606,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27815","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.24649,"ranking_epss":0.9615,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27817","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00152,"ranking_epss":0.35888,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27819","summary":"The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to access contacts from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00114,"ranking_epss":0.29912,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214101","https://support.apple.com/kb/HT214101"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27820","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01283,"ranking_epss":0.79624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27828","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22626,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27830","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. A maliciously crafted webpage may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01337,"ranking_epss":0.80025,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27831","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22315,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23251","summary":"An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. An attacker with physical access may be able to leak Mail account credentials.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23282","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. A maliciously crafted email may be able to initiate FaceTime calls without user authorization.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.0369,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27799","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07536,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27800","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a maliciously crafted message may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.25942,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27801","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27802","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18719,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27805","summary":"An issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27847","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01065,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107"],"published_time":"2024-05-14T15:13:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27852","summary":"A privacy issue was addressed with improved client ID handling for alternative app marketplaces. This issue is fixed in iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00335,"ranking_epss":0.56411,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","https://support.apple.com/en-us/HT214101","https://support.apple.com/kb/HT214101"],"published_time":"2024-05-14T15:13:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27835","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00114,"ranking_epss":0.29912,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","https://support.apple.com/en-us/HT214101","https://support.apple.com/kb/HT214101"],"published_time":"2024-05-14T15:13:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27839","summary":"A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00098,"ranking_epss":0.27011,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","https://support.apple.com/en-us/HT214101","https://support.apple.com/kb/HT214101"],"published_time":"2024-05-14T15:13:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27841","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33837,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214106"],"published_time":"2024-05-14T15:13:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27834","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":8e-05,"ranking_epss":0.00777,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","http://seclists.org/fulldisclosure/2024/May/16","http://seclists.org/fulldisclosure/2024/May/17","http://seclists.org/fulldisclosure/2024/May/9","http://www.openwall.com/lists/oss-security/2024/05/21/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106"],"published_time":"2024-05-14T15:13:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27818","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23786,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214106"],"published_time":"2024-05-14T15:13:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27821","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. A shortcut may output sensitive user data without consent.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.02355,"ranking_epss":0.84932,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","http://seclists.org/fulldisclosure/2024/May/16","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106"],"published_time":"2024-05-14T15:13:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27804","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.3, watchOS 10.5. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.04071,"ranking_epss":0.88554,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120915","http://seclists.org/fulldisclosure/2024/Jul/23","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","http://seclists.org/fulldisclosure/2024/May/16","http://seclists.org/fulldisclosure/2024/May/17","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214123"],"published_time":"2024-05-14T15:13:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27810","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21795,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","http://seclists.org/fulldisclosure/2024/May/16","http://seclists.org/fulldisclosure/2024/May/17","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107"],"published_time":"2024-05-14T15:13:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27816","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker may be able to access user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12119,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","http://seclists.org/fulldisclosure/2024/May/16","http://seclists.org/fulldisclosure/2024/May/17","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106"],"published_time":"2024-05-14T15:13:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27796","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An attacker may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09685,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107"],"published_time":"2024-05-14T15:13:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27803","summary":"A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.10002,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","https://support.apple.com/en-us/HT214101","https://support.apple.com/kb/HT214101"],"published_time":"2024-05-14T15:13:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27789","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Sonoma 14.4, macOS Ventura 13.6.7. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.25024,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120895","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","http://seclists.org/fulldisclosure/2024/May/11","http://seclists.org/fulldisclosure/2024/May/13","http://seclists.org/fulldisclosure/2024/May/14","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214107","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214107"],"published_time":"2024-05-14T15:13:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-4558","summary":"Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.0238,"ranking_epss":0.85014,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html","https://issues.chromium.org/issues/337766133","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html","https://issues.chromium.org/issues/337766133","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214121"],"published_time":"2024-05-07T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23228","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.3 and iPadOS 17.3. Locked Notes content may have been unexpectedly unlocked.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00152,"ranking_epss":0.35917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/HT214059","https://support.apple.com/kb/HT214059"],"published_time":"2024-04-24T17:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23271","summary":"A logic issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00084,"ranking_epss":0.24542,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120339","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214056","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214056","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214060","https://support.apple.com/kb/HT214061"],"published_time":"2024-04-24T17:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27791","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3. An app may be able to corrupt coprocessor memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06289,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120305","https://support.apple.com/en-us/120307","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214057","https://support.apple.com/en-us/HT214058","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063"],"published_time":"2024-04-24T17:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42936","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17742,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041"],"published_time":"2024-03-28T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42947","summary":"A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.1668,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041"],"published_time":"2024-03-28T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42950","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00645,"ranking_epss":0.70725,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214039","http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://security.netapp.com/advisory/ntap-20241018-0009/","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214039"],"published_time":"2024-03-28T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42956","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00302,"ranking_epss":0.53568,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/kb/HT214039","http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/kb/HT214039"],"published_time":"2024-03-28T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42962","summary":"This issue was addressed with improved checks This issue is fixed in iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. A remote attacker may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01145,"ranking_epss":0.7848,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/kb/HT214035"],"published_time":"2024-03-28T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42974","summary":"A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21689,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214038"],"published_time":"2024-03-28T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42893","summary":"A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03324,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214106","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214106"],"published_time":"2024-03-28T16:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42896","summary":"An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08315,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214038"],"published_time":"2024-03-28T16:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23287","summary":"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00188,"ranking_epss":0.40686,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23288","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12552,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23289","summary":"A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.14155,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23290","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23291","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00271,"ranking_epss":0.50653,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23292","summary":"This issue was addressed with improved data protection. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to access information about a user's contacts.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.14144,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23264","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1. An application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00083,"ranking_epss":0.24303,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214087"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23265","summary":"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to cause unexpected system termination or write kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00147,"ranking_epss":0.351,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23278","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, watchOS 10.4. An app may be able to break out of its sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.2266,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23283","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.0621,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23284","summary":"A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00884,"ranking_epss":0.75466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120894","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/20","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/en-us/HT214089","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214089"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23286","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing an image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01015,"ranking_epss":0.77201,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23246","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to break out of its sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20615,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23257","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, visionOS 1.1. Processing an image may result in disclosure of process memory.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08034,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214087","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214087"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23259","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00188,"ranking_epss":0.40682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23262","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, visionOS 1.1. An app may be able to spoof system notifications and UI.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20414,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214087","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214087"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23263","summary":"A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0062,"ranking_epss":0.70083,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120894","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/20","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/en-us/HT214089","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214089"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28826","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08616,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214085","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214085","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214085"],"published_time":"2024-03-08T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23201","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3, watchOS 10.3. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04349,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214085","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214060","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214085"],"published_time":"2024-03-08T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23231","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, watchOS 10.4. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13642,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/24","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23235","summary":"A race condition was addressed with additional validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to access user-sensitive data.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15733,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23225","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00186,"ranking_epss":0.40428,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/18","http://seclists.org/fulldisclosure/2024/Mar/19","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23225"],"published_time":"2024-03-05T20:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23296","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00196,"ranking_epss":0.41548,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120910","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Mar/18","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","http://seclists.org/fulldisclosure/2024/May/11","http://seclists.org/fulldisclosure/2024/May/13","https://support.apple.com/en-us/HT214081","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214118","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23296"],"published_time":"2024-03-05T20:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42942","summary":"This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00126,"ranking_epss":0.31818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2024-02-21T07:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42823","summary":"The issue was resolved by sanitizing logging This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13837,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213987","https://support.apple.com/kb/HT213988"],"published_time":"2024-02-21T07:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1580","summary":"An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00584,"ranking_epss":0.69081,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2024/Mar/36","http://seclists.org/fulldisclosure/2024/Mar/37","http://seclists.org/fulldisclosure/2024/Mar/38","http://seclists.org/fulldisclosure/2024/Mar/39","http://seclists.org/fulldisclosure/2024/Mar/40","http://seclists.org/fulldisclosure/2024/Mar/41","https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS","https://code.videolan.org/videolan/dav1d/-/releases/1.4.0","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/","https://support.apple.com/kb/HT214093","https://support.apple.com/kb/HT214094","https://support.apple.com/kb/HT214095","https://support.apple.com/kb/HT214096","https://support.apple.com/kb/HT214097","https://support.apple.com/kb/HT214098","http://seclists.org/fulldisclosure/2024/Mar/36","http://seclists.org/fulldisclosure/2024/Mar/37","http://seclists.org/fulldisclosure/2024/Mar/38","http://seclists.org/fulldisclosure/2024/Mar/39","http://seclists.org/fulldisclosure/2024/Mar/40","http://seclists.org/fulldisclosure/2024/Mar/41","https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS","https://code.videolan.org/videolan/dav1d/-/releases/1.4.0","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/","https://support.apple.com/kb/HT214093","https://support.apple.com/kb/HT214094","https://support.apple.com/kb/HT214095","https://support.apple.com/kb/HT214096","https://support.apple.com/kb/HT214097","https://support.apple.com/kb/HT214098"],"published_time":"2024-02-19T11:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23210","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to view a user's phone number in system logs.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06417,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214061"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23211","summary":"A privacy issue was addressed with improved handling of user preferences. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A user's private browsing activity may be visible in Settings.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06417,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","https://support.apple.com/en-us/120339","http://seclists.org/fulldisclosure/2024/Jan/27","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","https://support.apple.com/en-us/HT214056","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214056","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23212","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, watchOS 10.3. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10764,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120305","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120307","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","https://support.apple.com/en-us/120311","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/37","http://seclists.org/fulldisclosure/2024/Jan/38","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214057","https://support.apple.com/en-us/HT214058","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214058","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23213","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00395,"ranking_epss":0.6041,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120339","http://seclists.org/fulldisclosure/2024/Jan/27","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","http://www.openwall.com/lists/oss-security/2024/02/05/8","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214056","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214056","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214060","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23214","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00251,"ranking_epss":0.48469,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/36","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23215","summary":"An issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05584,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23217","summary":"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.5, watchOS 10.3. An app may be able to bypass certain Privacy preferences.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":9e-05,"ranking_epss":0.00829,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120886","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Mar/22","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214085"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23218","summary":"A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3, watchOS 10.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00193,"ranking_epss":0.41253,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214085"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23219","summary":"The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexpectedly disabled.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24753,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","http://seclists.org/fulldisclosure/2024/Jan/33","https://support.apple.com/en-us/HT214059","https://support.apple.com/kb/HT214059"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23222","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00608,"ranking_epss":0.69744,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/118479","https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120305","https://support.apple.com/en-us/120307","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120339","https://support.apple.com/en-us/126632","http://seclists.org/fulldisclosure/2024/Feb/6","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/40","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214056","https://support.apple.com/kb/HT214057","https://support.apple.com/kb/HT214058","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063","https://support.apple.com/kb/HT214070","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23222"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23223","summary":"A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to access sensitive user data.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42937","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/37","http://seclists.org/fulldisclosure/2024/Jan/38","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214041","https://support.apple.com/en-us/HT214057","https://support.apple.com/en-us/HT214058","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214041","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/37","http://seclists.org/fulldisclosure/2024/Jan/38","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214041","https://support.apple.com/en-us/HT214057","https://support.apple.com/en-us/HT214058","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214041","https://support.apple.com/kb/HT214058","https://support.apple.com/kb/HT214063"],"published_time":"2024-01-23T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23203","summary":"The issue was addressed with additional permissions checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.5. A shortcut may be able to use sensitive data with certain actions without prompting the user.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00181,"ranking_epss":0.3983,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120886","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Mar/22","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214085"],"published_time":"2024-01-23T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23204","summary":"The issue was addressed with additional permissions checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, watchOS 10.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0015,"ranking_epss":0.35614,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214085"],"published_time":"2024-01-23T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23206","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A maliciously crafted webpage may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00518,"ranking_epss":0.66796,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120339","http://seclists.org/fulldisclosure/2024/Jan/27","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","http://www.openwall.com/lists/oss-security/2024/02/05/8","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214056","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214056","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214060","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063"],"published_time":"2024-01-23T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23207","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, watchOS 10.3. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07553,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120305","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120307","https://support.apple.com/en-us/120309","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/37","http://seclists.org/fulldisclosure/2024/Jan/38","http://seclists.org/fulldisclosure/2024/Jan/39","https://support.apple.com/en-us/HT214057","https://support.apple.com/en-us/HT214058","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214058","https://support.apple.com/kb/HT214061"],"published_time":"2024-01-23T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23208","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.03202,"ranking_epss":0.87023,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214061"],"published_time":"2024-01-23T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40528","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":7e-05,"ranking_epss":0.0056,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2024/Jan/37","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT214058","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940","http://seclists.org/fulldisclosure/2024/Jan/37","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT214058","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940","https://support.apple.com/kb/HT214058"],"published_time":"2024-01-23T01:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42888","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08321,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/37","http://seclists.org/fulldisclosure/2024/Jan/38","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214041","https://support.apple.com/en-us/HT214057","https://support.apple.com/en-us/HT214058","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214041","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/37","http://seclists.org/fulldisclosure/2024/Jan/38","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214041","https://support.apple.com/en-us/HT214057","https://support.apple.com/en-us/HT214058","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214041","https://support.apple.com/kb/HT214058","https://support.apple.com/kb/HT214063"],"published_time":"2024-01-23T01:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42833","summary":"A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00606,"ranking_epss":0.69699,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2024/02/05/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","http://www.openwall.com/lists/oss-security/2024/02/05/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42862","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00193,"ranking_epss":0.41214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42865","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00193,"ranking_epss":0.41214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42866","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00477,"ranking_epss":0.64949,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42869","summary":"Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5. Multiple issues in libxml2.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00136,"ranking_epss":0.33408,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42870","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33796,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42871","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.30642,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42872","summary":"The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42934","summary":"An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information.","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21288,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42941","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets.","cvss":4.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.8,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27645,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT214035","https://support.apple.com/kb/HT214035","https://support.apple.com/en-us/HT214035","https://support.apple.com/kb/HT214035"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41060","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. A remote user may be able to cause kernel code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01949,"ranking_epss":0.83492,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2024-01-10T22:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41069","summary":"This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.23501,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213938"],"published_time":"2024-01-10T22:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41075","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00139,"ranking_epss":0.34054,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677"],"published_time":"2024-01-10T22:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41974","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00182,"ranking_epss":0.3993,"kev":true,"propose_action":"Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/120949","https://support.apple.com/en-us/126632","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213938","https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41974"],"published_time":"2024-01-10T22:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42830","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676"],"published_time":"2024-01-10T22:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42831","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00083,"ranking_epss":0.2424,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845"],"published_time":"2024-01-10T22:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32424","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":7e-05,"ranking_epss":0.00524,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38610","summary":"A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.23463,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38612","summary":"The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to access protected user data.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12561,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40385","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00208,"ranking_epss":0.43204,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40394","summary":"The issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to access sensitive user data.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00117,"ranking_epss":0.30357,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213841"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40414","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00155,"ranking_epss":0.36242,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2024/02/05/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","http://www.openwall.com/lists/oss-security/2024/02/05/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40437","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26309,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40438","summary":"An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19006,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213940"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40439","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.11967,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40529","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00125,"ranking_epss":0.31725,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213938"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32919","summary":"The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21639,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532"],"published_time":"2024-01-10T22:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42839","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00091,"ranking_epss":0.25577,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532"],"published_time":"2024-01-10T22:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46710","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23257,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532"],"published_time":"2024-01-10T22:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28185","summary":"An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10393,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678"],"published_time":"2024-01-10T22:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32366","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. Processing a font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23282,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677"],"published_time":"2024-01-10T22:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-48618","summary":"The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00172,"ranking_epss":0.38631,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-48618"],"published_time":"2024-01-09T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42914","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to break out of its sandbox.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07988,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041"],"published_time":"2023-12-12T01:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42919","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07553,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214041","http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214038","https://support.apple.com/kb/HT214041"],"published_time":"2023-12-12T01:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42922","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214038"],"published_time":"2023-12-12T01:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42923","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.2 and iPadOS 17.2. Private Browsing tabs may be accessed without authentication.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00231,"ranking_epss":0.45956,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/7","https://support.apple.com/en-us/HT214035","http://seclists.org/fulldisclosure/2023/Dec/7","https://support.apple.com/en-us/HT214035","https://support.apple.com/kb/HT214035"],"published_time":"2023-12-12T01:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42883","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05981,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/6","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","http://www.openwall.com/lists/oss-security/2023/12/18/1","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214034","https://support.apple.com/kb/HT214039","https://www.debian.org/security/2023/dsa-5580","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/6","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","http://www.openwall.com/lists/oss-security/2023/12/18/1","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214034","https://support.apple.com/kb/HT214039","https://www.debian.org/security/2023/dsa-5580"],"published_time":"2023-12-12T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42884","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05399,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214038","https://support.apple.com/kb/HT214040"],"published_time":"2023-12-12T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42890","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00402,"ranking_epss":0.60837,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/6","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","http://www.openwall.com/lists/oss-security/2023/12/18/1","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214039","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/6","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","http://www.openwall.com/lists/oss-security/2023/12/18/1","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214039"],"published_time":"2023-12-12T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42897","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21238,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/7","https://support.apple.com/en-us/HT214035","http://seclists.org/fulldisclosure/2023/Dec/7","https://support.apple.com/en-us/HT214035","https://support.apple.com/kb/HT214035"],"published_time":"2023-12-12T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42898","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead to arbitrary code execution.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07159,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041"],"published_time":"2023-12-12T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42899","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. Processing an image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07505,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041"],"published_time":"2023-12-12T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40446","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing maliciously crafted input may lead to arbitrary code execution in user-installed apps.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11231,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985"],"published_time":"2023-12-12T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-45866","summary":"Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.34352,"ranking_epss":0.96999,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","https://bluetooth.com","https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675","https://github.com/skysafe/reblog/tree/main/cve-2023-45866","https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/","https://security.gentoo.org/glsa/202401-03","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://www.debian.org/security/2023/dsa-5584","http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","https://bluetooth.com","https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675","https://github.com/skysafe/reblog/tree/main/cve-2023-45866","https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/","https://security.gentoo.org/glsa/202401-03","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://www.debian.org/security/2023/dsa-5584"],"published_time":"2023-12-08T06:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42916","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14545,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/3","http://seclists.org/fulldisclosure/2023/Dec/4","http://seclists.org/fulldisclosure/2023/Dec/5","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2024/Jan/35","http://www.openwall.com/lists/oss-security/2023/12/05/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT214031","https://support.apple.com/en-us/HT214032","https://support.apple.com/en-us/HT214033","https://support.apple.com/kb/HT214033","https://support.apple.com/kb/HT214034","https://support.apple.com/kb/HT214062","https://www.debian.org/security/2023/dsa-5575","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/3","http://seclists.org/fulldisclosure/2023/Dec/4","http://seclists.org/fulldisclosure/2023/Dec/5","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2024/Jan/35","http://www.openwall.com/lists/oss-security/2023/12/05/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT214031","https://support.apple.com/en-us/HT214032","https://support.apple.com/en-us/HT214033","https://support.apple.com/kb/HT214033","https://support.apple.com/kb/HT214034","https://support.apple.com/kb/HT214062","https://www.debian.org/security/2023/dsa-5575","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42916"],"published_time":"2023-11-30T23:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42917","summary":"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20837,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/3","http://seclists.org/fulldisclosure/2023/Dec/4","http://seclists.org/fulldisclosure/2023/Dec/5","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2024/Jan/35","http://www.openwall.com/lists/oss-security/2023/12/05/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT214031","https://support.apple.com/en-us/HT214032","https://support.apple.com/en-us/HT214033","https://support.apple.com/kb/HT214033","https://support.apple.com/kb/HT214034","https://support.apple.com/kb/HT214062","https://www.debian.org/security/2023/dsa-5575","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/3","http://seclists.org/fulldisclosure/2023/Dec/4","http://seclists.org/fulldisclosure/2023/Dec/5","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2024/Jan/35","http://www.openwall.com/lists/oss-security/2023/12/05/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT214031","https://support.apple.com/en-us/HT214032","https://support.apple.com/en-us/HT214033","https://support.apple.com/kb/HT214033","https://support.apple.com/kb/HT214034","https://support.apple.com/kb/HT214062","https://www.debian.org/security/2023/dsa-5575","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917"],"published_time":"2023-11-30T23:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41977","summary":"The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing history.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00169,"ranking_epss":0.38095,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213984"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41982","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20583,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41983","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01108,"ranking_epss":0.78146,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/27","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/kb/HT213984","https://www.debian.org/security/2023/dsa-5557","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/27","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/kb/HT213984","https://www.debian.org/security/2023/dsa-5557"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41988","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00088,"ranking_epss":0.25047,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41997","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20583,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42841","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.14152,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42845","summary":"An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. Photos in the Hidden Photos Album may be viewed without authentication.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00146,"ranking_epss":0.3503,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42846","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00216,"ranking_epss":0.44234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213987","https://support.apple.com/kb/HT213988","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213987","https://support.apple.com/kb/HT213988"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42847","summary":"A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An attacker may be able to access passkeys without authentication.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00154,"ranking_epss":0.36197,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42849","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00184,"ranking_epss":0.40196,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","https://support.apple.com/kb/HT213988","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","https://support.apple.com/kb/HT213988"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42852","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02171,"ranking_epss":0.84344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984","https://www.debian.org/security/2023/dsa-5557","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984","https://www.debian.org/security/2023/dsa-5557"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42857","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07428,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32359","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27511,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/23","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213981","http://seclists.org/fulldisclosure/2023/Oct/23","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213981"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40408","summary":"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00194,"ranking_epss":0.41353,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40413","summary":"The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09815,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","https://support.apple.com/kb/HT213988","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","https://support.apple.com/kb/HT213988"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40416","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00285,"ranking_epss":0.52074,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40423","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.13861,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40445","summary":"The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0016,"ranking_epss":0.36885,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","https://support.apple.com/en-us/HT213982","https://support.apple.com/kb/HT213982","http://seclists.org/fulldisclosure/2023/Oct/19","https://support.apple.com/en-us/HT213982","https://support.apple.com/kb/HT213982"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40447","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00166,"ranking_epss":0.37721,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40449","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.04998,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41072","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06256,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41254","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05584,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","https://support.apple.com/kb/HT213988","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","https://support.apple.com/kb/HT213988"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41976","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00264,"ranking_epss":0.49957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42824","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00965,"ranking_epss":0.76605,"kev":true,"propose_action":"Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213972","https://support.apple.com/en-us/HT213972","https://support.apple.com/kb/HT213961","https://support.apple.com/kb/HT213972","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42824"],"published_time":"2023-10-04T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5217","summary":"Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03573,"ranking_epss":0.87744,"kev":true,"propose_action":"Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.","ransomware_campaign":"Unknown","references":["http://seclists.org/fulldisclosure/2023/Oct/12","http://seclists.org/fulldisclosure/2023/Oct/16","http://www.openwall.com/lists/oss-security/2023/09/28/5","http://www.openwall.com/lists/oss-security/2023/09/28/6","http://www.openwall.com/lists/oss-security/2023/09/29/1","http://www.openwall.com/lists/oss-security/2023/09/29/11","http://www.openwall.com/lists/oss-security/2023/09/29/12","http://www.openwall.com/lists/oss-security/2023/09/29/14","http://www.openwall.com/lists/oss-security/2023/09/29/2","http://www.openwall.com/lists/oss-security/2023/09/29/7","http://www.openwall.com/lists/oss-security/2023/09/29/9","http://www.openwall.com/lists/oss-security/2023/09/30/1","http://www.openwall.com/lists/oss-security/2023/09/30/2","http://www.openwall.com/lists/oss-security/2023/09/30/3","http://www.openwall.com/lists/oss-security/2023/09/30/4","http://www.openwall.com/lists/oss-security/2023/09/30/5","http://www.openwall.com/lists/oss-security/2023/10/01/1","http://www.openwall.com/lists/oss-security/2023/10/01/2","http://www.openwall.com/lists/oss-security/2023/10/01/5","http://www.openwall.com/lists/oss-security/2023/10/02/6","http://www.openwall.com/lists/oss-security/2023/10/03/11","https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/","https://bugzilla.redhat.com/show_bug.cgi?id=2241191","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html","https://crbug.com/1486441","https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590","https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282","https://github.com/webmproject/libvpx/releases/tag/v1.13.1","https://github.com/webmproject/libvpx/tags","https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://pastebin.com/TdkC4pDv","https://security-tracker.debian.org/tracker/CVE-2023-5217","https://security.gentoo.org/glsa/202310-04","https://security.gentoo.org/glsa/202401-34","https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/","https://support.apple.com/kb/HT213961","https://support.apple.com/kb/HT213972","https://twitter.com/maddiestone/status/1707163313711497266","https://www.debian.org/security/2023/dsa-5508","https://www.debian.org/security/2023/dsa-5509","https://www.debian.org/security/2023/dsa-5510","https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/","https://www.openwall.com/lists/oss-security/2023/09/28/5","http://seclists.org/fulldisclosure/2023/Oct/12","http://seclists.org/fulldisclosure/2023/Oct/16","http://www.openwall.com/lists/oss-security/2023/09/28/5","http://www.openwall.com/lists/oss-security/2023/09/28/6","http://www.openwall.com/lists/oss-security/2023/09/29/1","http://www.openwall.com/lists/oss-security/2023/09/29/11","http://www.openwall.com/lists/oss-security/2023/09/29/12","http://www.openwall.com/lists/oss-security/2023/09/29/14","http://www.openwall.com/lists/oss-security/2023/09/29/2","http://www.openwall.com/lists/oss-security/2023/09/29/7","http://www.openwall.com/lists/oss-security/2023/09/29/9","http://www.openwall.com/lists/oss-security/2023/09/30/1","http://www.openwall.com/lists/oss-security/2023/09/30/2","http://www.openwall.com/lists/oss-security/2023/09/30/3","http://www.openwall.com/lists/oss-security/2023/09/30/4","http://www.openwall.com/lists/oss-security/2023/09/30/5","http://www.openwall.com/lists/oss-security/2023/10/01/1","http://www.openwall.com/lists/oss-security/2023/10/01/2","http://www.openwall.com/lists/oss-security/2023/10/01/5","http://www.openwall.com/lists/oss-security/2023/10/02/6","http://www.openwall.com/lists/oss-security/2023/10/03/11","https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/","https://bugzilla.redhat.com/show_bug.cgi?id=2241191","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html","https://crbug.com/1486441","https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590","https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282","https://github.com/webmproject/libvpx/releases/tag/v1.13.1","https://github.com/webmproject/libvpx/tags","https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://pastebin.com/TdkC4pDv","https://security-tracker.debian.org/tracker/CVE-2023-5217","https://security.gentoo.org/glsa/202310-04","https://security.gentoo.org/glsa/202401-34","https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/","https://support.apple.com/kb/HT213961","https://support.apple.com/kb/HT213972","https://twitter.com/maddiestone/status/1707163313711497266","https://www.debian.org/security/2023/dsa-5508","https://www.debian.org/security/2023/dsa-5509","https://www.debian.org/security/2023/dsa-5510","https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/","https://www.openwall.com/lists/oss-security/2023/09/28/5","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-5217"],"published_time":"2023-09-28T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41986","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10507,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41995","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00144,"ranking_epss":0.3467,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213841","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41968","summary":"This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06532,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41980","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02781,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41981","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":null,"epss":7e-05,"ranking_epss":0.00577,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41984","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10285,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41068","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7. A user may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07506,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41070","summary":"A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive data logged when a user shares a link.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.1225,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41071","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.13963,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41073","summary":"An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access protected user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.0899,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41074","summary":"The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01121,"ranking_epss":0.78274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/2","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","http://www.openwall.com/lists/oss-security/2023/09/28/3","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","https://www.debian.org/security/2023/dsa-5527","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/2","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","http://www.openwall.com/lists/oss-security/2023/09/28/3","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","https://webkitgtk.org/security/WSA-2023-0009.html","https://www.debian.org/security/2023/dsa-5527"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41174","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.1075,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41232","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.7, iOS 17 and iPadOS 17, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12467,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41065","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41063","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10038,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40520","summary":"The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40454","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to delete files for which it does not have permission.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07015,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40456","summary":"The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40452","summary":"The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to overwrite arbitrary files.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05611,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40441","summary":"A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00246,"ranking_epss":0.47915,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40443","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00112,"ranking_epss":0.29672,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213940","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40448","summary":"The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. A remote attacker may be able to break out of Web Content sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00928,"ranking_epss":0.76115,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40434","summary":"A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's Photos Library.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.1585,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40432","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10282,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40429","summary":"A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13247,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40431","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.25911,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40427","summary":"The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07117,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40428","summary":"The issue was addressed with improved handling of caches. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00123,"ranking_epss":0.31522,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40424","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14825,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40412","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05191,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40417","summary":"A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00423,"ranking_epss":0.62201,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/2","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","http://seclists.org/fulldisclosure/2023/Oct/2","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213941"],"published_time":"2023-09-27T15:19:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40419","summary":"The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07807,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40420","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00199,"ranking_epss":0.41983,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40403","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00137,"ranking_epss":0.33476,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://lists.debian.org/debian-lts-announce/2025/09/msg00024.html","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40409","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07357,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40410","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.0547,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40400","summary":"This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01587,"ranking_epss":0.81651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213841","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40395","summary":"The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access contacts.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40399","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05586,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40391","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07572,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/7","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213939","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/7","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213939","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213939","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40384","summary":"A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06485,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-39434","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00651,"ranking_epss":0.7089,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","http://www.openwall.com/lists/oss-security/2023/09/28/3","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","http://www.openwall.com/lists/oss-security/2023/09/28/3","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://webkitgtk.org/security/WSA-2023-0009.html"],"published_time":"2023-09-27T15:18:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38596","summary":"The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may fail to enforce App Transport Security.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05837,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:18:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32361","summary":"The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07572,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:18:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32396","summary":"This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05505,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/7","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213939","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/7","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213939","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213939","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:18:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-35074","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00598,"ranking_epss":0.69447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/2","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","http://www.openwall.com/lists/oss-security/2023/09/28/3","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/2","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","http://www.openwall.com/lists/oss-security/2023/09/28/3","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","https://webkitgtk.org/security/WSA-2023-0009.html"],"published_time":"2023-09-27T15:18:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-35984","summary":"The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00091,"ranking_epss":0.25673,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:18:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-35990","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09324,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:18:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41991","summary":"A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.03217,"ranking_epss":0.87062,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213931","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41991"],"published_time":"2023-09-21T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41992","summary":"The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01172,"ranking_epss":0.78704,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213932","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41992"],"published_time":"2023-09-21T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41993","summary":"The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.24414,"ranking_epss":0.96123,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://security.gentoo.org/glsa/202401-33","https://security.netapp.com/advisory/ntap-20240426-0004/","https://support.apple.com/en-us/HT213940","https://security.gentoo.org/glsa/202401-33","https://security.netapp.com/advisory/ntap-20240426-0004/","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213926","https://support.apple.com/kb/HT213930","https://webkitgtk.org/security/WSA-2023-0009.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41993"],"published_time":"2023-09-21T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40442","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19005,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/kb/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/kb/HT213841"],"published_time":"2023-09-12T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41990","summary":"The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.02687,"ranking_epss":0.85882,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41990"],"published_time":"2023-09-12T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41061","summary":"A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00985,"ranking_epss":0.76865,"kev":true,"propose_action":"Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064.","ransomware_campaign":"Unknown","references":["http://seclists.org/fulldisclosure/2023/Sep/4","http://seclists.org/fulldisclosure/2023/Sep/5","https://support.apple.com/en-us/HT213905","https://support.apple.com/en-us/HT213907","https://support.apple.com/kb/HT213905","https://support.apple.com/kb/HT213907","http://seclists.org/fulldisclosure/2023/Sep/4","http://seclists.org/fulldisclosure/2023/Sep/5","https://support.apple.com/en-us/HT213905","https://support.apple.com/en-us/HT213907","https://support.apple.com/kb/HT213905","https://support.apple.com/kb/HT213907","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41061"],"published_time":"2023-09-07T18:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41064","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.85353,"ranking_epss":0.99367,"kev":true,"propose_action":"Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061.","ransomware_campaign":"Unknown","references":["http://www.openwall.com/lists/oss-security/2023/09/21/4","https://support.apple.com/en-us/HT213905","https://support.apple.com/en-us/HT213906","https://support.apple.com/en-us/HT213913","https://support.apple.com/en-us/HT213914","https://support.apple.com/en-us/HT213915","http://www.openwall.com/lists/oss-security/2023/09/21/4","https://support.apple.com/en-us/HT213905","https://support.apple.com/en-us/HT213906","https://support.apple.com/en-us/HT213913","https://support.apple.com/en-us/HT213914","https://support.apple.com/en-us/HT213915","https://support.apple.com/kb/HT213913","https://support.apple.com/kb/HT213915","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41064"],"published_time":"2023-09-07T18:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40392","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27045,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213843","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/en-us/HT213843","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845"],"published_time":"2023-09-06T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38605","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28445,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213843","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213844","https://support.apple.com/en-us/HT213843","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213844"],"published_time":"2023-09-06T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32425","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213764"],"published_time":"2023-09-06T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32428","summary":"This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0103,"ranking_epss":0.77363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764"],"published_time":"2023-09-06T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32432","summary":"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764"],"published_time":"2023-09-06T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32438","summary":"This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.149,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-09-06T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-34352","summary":"A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00208,"ranking_epss":0.43268,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764"],"published_time":"2023-09-06T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28208","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00175,"ranking_epss":0.38964,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-09-06T02:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46724","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21283,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213676"],"published_time":"2023-08-14T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46725","summary":"A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00092,"ranking_epss":0.25795,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/11/15/1","https://support.apple.com/en-us/HT213676","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://support.apple.com/en-us/HT213676"],"published_time":"2023-08-14T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-48503","summary":"The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0018,"ranking_epss":0.39644,"kev":true,"propose_action":"Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213341","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213341","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-48503"],"published_time":"2023-08-14T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28198","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/09/11/1","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676","http://www.openwall.com/lists/oss-security/2023/09/11/1","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676"],"published_time":"2023-08-14T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32358","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00117,"ranking_epss":0.30545,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676"],"published_time":"2023-08-14T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22655","summary":"An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. An app may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00072,"ranking_epss":0.21983,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183"],"published_time":"2023-08-14T23:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38604","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.57128,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848"],"published_time":"2023-07-28T05:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32445","summary":"This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00611,"ranking_epss":0.69825,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-34425","summary":"The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00629,"ranking_epss":0.70304,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213848"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-36495","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00487,"ranking_epss":0.65481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-37285","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00298,"ranking_epss":0.53258,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38590","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02841,"ranking_epss":0.86228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38592","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00583,"ranking_epss":0.69019,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38598","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00605,"ranking_epss":0.69647,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38599","summary":"A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00435,"ranking_epss":0.62912,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38611","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00611,"ranking_epss":0.69831,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T01:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38600","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00611,"ranking_epss":0.69831,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T01:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38603","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00506,"ranking_epss":0.6627,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845"],"published_time":"2023-07-27T01:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38580","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.2178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T01:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38593","summary":"A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08671,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213846","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213846"],"published_time":"2023-07-27T01:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38595","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00611,"ranking_epss":0.69831,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T01:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38424","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21313,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843"],"published_time":"2023-07-27T01:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38425","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.2,"cvss_v4":null,"epss":0.00191,"ranking_epss":0.41041,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843"],"published_time":"2023-07-27T01:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38565","summary":"A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13303,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213846","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213846"],"published_time":"2023-07-27T01:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38572","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00414,"ranking_epss":0.61673,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T01:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38261","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18337,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843"],"published_time":"2023-07-27T01:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38136","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18337,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T01:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32734","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22561,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T01:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-35993","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19847,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T01:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32441","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19847,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T01:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32416","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16894,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T01:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32393","summary":"The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00237,"ranking_epss":0.46886,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-07-27T01:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38597","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00328,"ranking_epss":0.55877,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213847","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213847","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T00:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38606","summary":"This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00115,"ranking_epss":0.30056,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38606"],"published_time":"2023-07-27T00:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32437","summary":"The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24796,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764","https://support.apple.com/en-us/HT213841","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764"],"published_time":"2023-07-27T00:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-37450","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16864,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213826","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213826","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-37450"],"published_time":"2023-07-27T00:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38133","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00399,"ranking_epss":0.60703,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T00:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38410","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12794,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843"],"published_time":"2023-07-27T00:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38594","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00525,"ranking_epss":0.67028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T00:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32381","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.2131,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T00:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32433","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19847,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T00:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32404","summary":"This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00011,"ranking_epss":0.01363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213761","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213761"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32407","summary":"A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.02328,"ranking_epss":0.84845,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32408","summary":"The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06418,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32409","summary":"The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00328,"ranking_epss":0.5587,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213842","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32409"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32410","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to leak sensitive kernel state.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08841,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32411","summary":"This issue was addressed with improved entitlements. This issue is fixed in tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.01939,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32412","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01153,"ranking_epss":0.78537,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32413","summary":"A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to gain root privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00588,"ranking_epss":0.69187,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32415","summary":"This  issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10767,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32419","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01758,"ranking_epss":0.82629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213757"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32420","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to cause unexpected system termination or read kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08608,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32422","summary":"This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.34377,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/kb/HT213764","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/kb/HT213764","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32423","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00152,"ranking_epss":0.35915,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32434","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.57754,"ranking_epss":0.98182,"kev":true,"propose_action":"Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges.","ransomware_campaign":"Unknown","references":["http://seclists.org/fulldisclosure/2023/Oct/20","https://support.apple.com/en-us/HT213808","https://support.apple.com/en-us/HT213809","https://support.apple.com/en-us/HT213810","https://support.apple.com/en-us/HT213811","https://support.apple.com/en-us/HT213812","https://support.apple.com/en-us/HT213813","https://support.apple.com/en-us/HT213814","https://support.apple.com/kb/HT213990","http://seclists.org/fulldisclosure/2023/Oct/20","https://support.apple.com/en-us/HT213808","https://support.apple.com/en-us/HT213809","https://support.apple.com/en-us/HT213810","https://support.apple.com/en-us/HT213811","https://support.apple.com/en-us/HT213812","https://support.apple.com/en-us/HT213813","https://support.apple.com/en-us/HT213814","https://support.apple.com/kb/HT213990","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32434"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32435","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00233,"ranking_epss":0.46253,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213671","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213811","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213671","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213811","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32435"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32439","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0116,"ranking_epss":0.78615,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213811","https://support.apple.com/en-us/HT213813","https://support.apple.com/en-us/HT213814","https://support.apple.com/en-us/HT213816","https://support.apple.com/kb/HT213814","https://support.apple.com/kb/HT213816","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213811","https://support.apple.com/en-us/HT213813","https://support.apple.com/en-us/HT213814","https://support.apple.com/en-us/HT213816","https://support.apple.com/kb/HT213814","https://support.apple.com/kb/HT213816","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32439"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32373","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12768,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32373"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32376","summary":"This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08625,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32384","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing an image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32385","summary":"A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09301,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32388","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01148,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32389","summary":"This  issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17327,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32390","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.2128,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213761","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213761"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32391","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.5, iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14482,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/kb/HT213761","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/kb/HT213761"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32392","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06418,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32394","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15126,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32397","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00116,"ranking_epss":0.30212,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32398","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32399","summary":"The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12047,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32400","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05549,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213761","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213761"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32402","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0012,"ranking_epss":0.309,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32403","summary":"This  issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06418,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27930","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17358,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27940","summary":"The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, macOS Ventura 13.4. A sandboxed app may be able to observe system-wide network connections.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09145,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28191","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":9e-05,"ranking_epss":0.00917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28202","summary":"This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app firewall setting may not take effect after exiting the Settings app.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07053,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28204","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0007,"ranking_epss":0.21587,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28204"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32352","summary":"A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may bypass Gatekeeper checks.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":8e-05,"ranking_epss":0.00696,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213761","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213761"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32354","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08841,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32357","summary":"An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permission is revoked.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06555,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32365","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, iOS 16.5 and iPadOS 16.5. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12637,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32367","summary":"This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12037,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32368","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing a 3D model may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08841,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32371","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.0811,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32372","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. Processing an image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08841,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42792","summary":"This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.1839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213489"],"published_time":"2023-06-23T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46715","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02701,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213489"],"published_time":"2023-06-23T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46718","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08358,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213533","https://support.apple.com/en-us/HT213534","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213533","https://support.apple.com/en-us/HT213534"],"published_time":"2023-06-23T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27969","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00156,"ranking_epss":0.36361,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27970","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22654,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213676"],"published_time":"2023-05-08T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28178","summary":"A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03358,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28181","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.4, macOS Big Sur 11.7.7, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16676,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213765"],"published_time":"2023-05-08T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28182","summary":"The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.31646,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677"],"published_time":"2023-05-08T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28194","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to unexpectedly create a bookmark on the Home Screen.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18833,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213676"],"published_time":"2023-05-08T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28200","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00092,"ranking_epss":0.25882,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213677","https://support.apple.com/kb/HT213843","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213677","https://support.apple.com/kb/HT213843"],"published_time":"2023-05-08T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28201","summary":"This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02941,"ranking_epss":0.86459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213671","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213671","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676"],"published_time":"2023-05-08T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27949","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14796,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213677"],"published_time":"2023-05-08T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27954","summary":"The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00189,"ranking_epss":0.4074,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213671","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213671","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27955","summary":"The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, macOS Big Sur 11.7.5. An app may be able to read arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19895,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677"],"published_time":"2023-05-08T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27956","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20751,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27959","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15564,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213676"],"published_time":"2023-05-08T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27961","summary":"Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltrate user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07894,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27963","summary":"The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00152,"ranking_epss":0.35914,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23543","summary":"The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. A sandboxed app may be able to determine which app is currently using the camera.","cvss":3.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.6,"cvss_v4":null,"epss":0.00077,"ranking_epss":0.22987,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27928","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4, macOS Big Sur 11.7.5. An app may be able to access information about a user’s contacts.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.11086,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27929","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09572,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27931","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.3, tvOS 16.4, watchOS 9.4. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10562,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27932","summary":"This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01743,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213671","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213671","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27933","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app with root privileges may be able to execute arbitrary code with kernel privileges.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27936","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to cause unexpected system termination or write kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.0948,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213677"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27937","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18973,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27941","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24626,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213677"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27942","summary":"The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11331,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27943","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Files downloaded from the internet may not have the quarantine flag applied.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00157,"ranking_epss":0.36501,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27946","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00089,"ranking_epss":0.25287,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213677"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23494","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to cause a denial-of-service.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00378,"ranking_epss":0.5937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213676"],"published_time":"2023-05-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23523","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19051,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676"],"published_time":"2023-05-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23525","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. An app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.12868,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676"],"published_time":"2023-05-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23526","summary":"This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14357,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676"],"published_time":"2023-05-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23527","summary":"The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A user may gain access to protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23528","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 16.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23919,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676"],"published_time":"2023-05-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23532","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.6 and iPadOS 15.7.6. An app may be able to break out of its sandbox.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14226,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213765"],"published_time":"2023-05-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23535","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.6, tvOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07014,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213759"],"published_time":"2023-05-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23536","summary":"The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00242,"ranking_epss":0.47487,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23537","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, watchOS 9.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13738,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23540","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19394,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213842"],"published_time":"2023-05-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23541","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18398,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213676"],"published_time":"2023-05-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32885","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00189,"ranking_epss":0.40746,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213341","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213341","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2023-05-08T20:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46720","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to break out of its sandbox","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19445,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532"],"published_time":"2023-05-08T20:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46703","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. An app may be able to read sensitive location information","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00147,"ranking_epss":0.35195,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/kb/HT213533","https://support.apple.com/kb/HT213536","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/kb/HT213533","https://support.apple.com/kb/HT213536"],"published_time":"2023-04-10T19:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46716","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. Private Relay functionality did not match system settings","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00334,"ranking_epss":0.56242,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532"],"published_time":"2023-04-10T19:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46717","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2. A user with physical access to a locked Apple Watch may be able to view user photos via accessibility features","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00165,"ranking_epss":0.37527,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213530","https://support.apple.com/kb/HT213536","https://support.apple.com/en-us/HT213530","https://support.apple.com/kb/HT213536"],"published_time":"2023-04-10T19:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28205","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.21077,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213720","https://support.apple.com/en-us/HT213721","https://support.apple.com/en-us/HT213722","https://support.apple.com/en-us/HT213723","https://support.apple.com/en-us/HT213720","https://support.apple.com/en-us/HT213721","https://support.apple.com/en-us/HT213722","https://support.apple.com/en-us/HT213723","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28205"],"published_time":"2023-04-10T19:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28206","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.2211,"ranking_epss":0.95806,"kev":true,"propose_action":"Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213720","https://support.apple.com/en-us/HT213721","https://support.apple.com/en-us/HT213723","https://support.apple.com/en-us/HT213724","https://support.apple.com/en-us/HT213725","https://support.apple.com/en-us/HT213720","https://support.apple.com/en-us/HT213721","https://support.apple.com/en-us/HT213723","https://support.apple.com/en-us/HT213724","https://support.apple.com/en-us/HT213725","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28206"],"published_time":"2023-04-10T19:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23511","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26283,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23512","summary":"The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Visiting a website may lead to an app denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0052,"ranking_epss":0.6688,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23514","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, macOS Big Sur 11.7.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00437,"ranking_epss":0.63128,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213633","https://support.apple.com/en-us/HT213635","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213633","https://support.apple.com/en-us/HT213635","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213677"],"published_time":"2023-02-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23517","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00213,"ranking_epss":0.4384,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213600","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213638","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213600","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213638"],"published_time":"2023-02-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23518","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00311,"ranking_epss":0.54315,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213600","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213638","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213600","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213638"],"published_time":"2023-02-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23519","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing an image may lead to a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00516,"ranking_epss":0.66723,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23520","summary":"A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00153,"ranking_epss":0.35996,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23524","summary":"A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00416,"ranking_epss":0.61777,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213632","https://support.apple.com/en-us/HT213633","https://support.apple.com/en-us/HT213634","https://support.apple.com/en-us/HT213635","https://support.apple.com/en-us/HT213632","https://support.apple.com/en-us/HT213633","https://support.apple.com/en-us/HT213634","https://support.apple.com/en-us/HT213635"],"published_time":"2023-02-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23529","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.25943,"kev":true,"propose_action":"Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213633","https://support.apple.com/en-us/HT213635","https://support.apple.com/en-us/HT213638","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213633","https://support.apple.com/en-us/HT213635","https://support.apple.com/en-us/HT213638","https://support.apple.com/en-us/HT213673","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23529"],"published_time":"2023-02-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23530","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.31555,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23531","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00709,"ranking_epss":0.72261,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23496","summary":"The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, watchOS 9.3, iOS 15.7.2 and iPadOS 15.7.2, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00681,"ranking_epss":0.71646,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213600","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213638","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213600","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213638"],"published_time":"2023-02-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23498","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.3 and iPadOS 15.7.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00136,"ranking_epss":0.33355,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213598","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213598","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23499","summary":"This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33827,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23500","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3. An app may be able to leak sensitive kernel state.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.34307,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213598","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213598","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23502","summary":"An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00147,"ranking_epss":0.35195,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23503","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23781,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213598","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213598","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23504","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.40926,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213598","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213598","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23505","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. An app may be able to access information about a user’s contacts.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00104,"ranking_epss":0.28387,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213598","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213598","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32949","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213490","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213490"],"published_time":"2023-02-27T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42826","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00101,"ranking_epss":0.27851,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213495","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213495"],"published_time":"2023-02-27T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46705","summary":"A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00123,"ranking_epss":0.314,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/11/15/1","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213537","https://support.apple.com/kb/HT213531","https://support.apple.com/kb/HT213535","https://support.apple.com/kb/HT213536","https://support.apple.com/kb/HT213676","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213537","https://support.apple.com/kb/HT213531","https://support.apple.com/kb/HT213535","https://support.apple.com/kb/HT213536","https://support.apple.com/kb/HT213676"],"published_time":"2023-02-27T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22668","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A malicious application may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.30717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183"],"published_time":"2023-02-27T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26760","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A malicious application may be able to elevate privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00562,"ranking_epss":0.68385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213258"],"published_time":"2023-02-27T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32784","summary":"The issue was addressed with improved UI handling. This issue is fixed in Safari 15.6, iOS 15.6 and iPadOS 15.6. Visiting a maliciously crafted website may leak sensitive data.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00187,"ranking_epss":0.40475,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213341","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213341","https://support.apple.com/en-us/HT213346"],"published_time":"2023-02-27T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32824","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00169,"ranking_epss":0.38154,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213346"],"published_time":"2023-02-27T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32830","summary":"An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.6, iOS 15.6 and iPadOS 15.6. Processing a maliciously crafted image may lead to disclosure of user information.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00348,"ranking_epss":0.57374,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213346"],"published_time":"2023-02-27T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32844","summary":"A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05368,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213346"],"published_time":"2023-02-27T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32855","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6. A user may be able to view restricted content from the lock screen.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00137,"ranking_epss":0.33568,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213346"],"published_time":"2023-02-27T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46689","summary":"A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.85334,"ranking_epss":0.99366,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/24","http://seclists.org/fulldisclosure/2022/Dec/25","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213533","https://support.apple.com/en-us/HT213534","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/24","http://seclists.org/fulldisclosure/2022/Dec/25","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213533","https://support.apple.com/en-us/HT213534","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46690","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26161,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46691","summary":"A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00766,"ranking_epss":0.73511,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46692","summary":"A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02087,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/28","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537","https://support.apple.com/en-us/HT213538","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/28","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537","https://support.apple.com/en-us/HT213538"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46693","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing a maliciously crafted file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00239,"ranking_epss":0.47002,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213538","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213538"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46694","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2, watchOS 9.2. Parsing a maliciously crafted video file may lead to kernel code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00192,"ranking_epss":0.4111,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46695","summary":"A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00756,"ranking_epss":0.73308,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null}]}