{"cves":[{"cve_id":"CVE-2025-43210","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05985,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155"],"published_time":"2026-04-02T19:20:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43202","summary":"This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05358,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149"],"published_time":"2026-04-02T19:20:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30867","summary":"CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker (or a compromised/malicious MQTT broker) to remotely crash the host iOS/macOS/tvOS application. If an attacker publishes the 4-byte malformed payload to a shared topic with the RETAIN flag set to true, the MQTT broker will persist the payload. Any time a vulnerable client connects and subscribes to that topic, the broker will automatically push the malformed packet. The app will instantly crash in the background before the user can even interact with it. This effectively \"bricks\" the mobile application (a persistent DoS) until the retained message is manually wiped from the broker database. This issue has been patched in version 2.2.2.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13746,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/emqx/CocoaMQTT/commit/010bca6f61b97d726252f61641d331a2bf82b338","https://github.com/emqx/CocoaMQTT/pull/659","https://github.com/emqx/CocoaMQTT/releases/tag/2.2.2","https://github.com/emqx/CocoaMQTT/security/advisories/GHSA-r3fr-7m74-q7g2"],"published_time":"2026-04-02T14:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28882","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02745,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28886","summary":"A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A user in a privileged network position may be able to cause a denial-of-service.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19247,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28894","summary":"A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A remote attacker may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00186,"ranking_epss":0.40454,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796"],"published_time":"2026-03-25T01:17:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28895","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05564,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792"],"published_time":"2026-03-25T01:17:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28870","summary":"An information leakage was addressed with additional validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01863,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28871","summary":"A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.10021,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126800"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28874","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote attacker may cause an unexpected app termination.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.34335,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28875","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote attacker may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00127,"ranking_epss":0.32047,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28876","summary":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to access sensitive user data.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15541,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28877","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00011,"ranking_epss":0.01423,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28878","summary":"A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28879","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.11994,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28880","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.1539,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28859","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11804,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799","https://support.apple.com/en-us/126800"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28861","summary":"A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10361,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126799","https://support.apple.com/en-us/126800"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28863","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07289,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28864","summary":"This issue was addressed with improved permissions checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A local attacker may gain access to user's Keychain items.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":9e-05,"ranking_epss":0.0095,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28865","summary":"An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position may be able to intercept network traffic.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.26032,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28866","summary":"This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05313,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28867","summary":"This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06338,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28868","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01751,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28852","summary":"A stack overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06575,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28855","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3. An app may be able to access protected user data.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11693,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348"],"published_time":"2026-03-25T01:17:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28856","summary":"The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08043,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28857","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11302,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126799","https://support.apple.com/en-us/126800"],"published_time":"2026-03-25T01:17:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28858","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memory.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00136,"ranking_epss":0.33346,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792"],"published_time":"2026-03-25T01:17:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28833","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28822","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker may be able to cause unexpected app termination.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02623,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20692","summary":"A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. \"Hide IP Address\" and \"Block All Remote Content\" may not apply to all mail content.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12112,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796"],"published_time":"2026-03-25T01:17:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20694","summary":"This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":9e-05,"ranking_epss":0.00906,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796"],"published_time":"2026-03-25T01:17:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20698","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00011,"ranking_epss":0.01346,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20665","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00157,"ranking_epss":0.36503,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799","https://support.apple.com/en-us/126800"],"published_time":"2026-03-25T01:17:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20668","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01751,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796"],"published_time":"2026-03-25T01:17:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20686","summary":"This issue was addressed with improved input validation. This issue is fixed in iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.26036,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346"],"published_time":"2026-03-25T01:17:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20687","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or write kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.0155,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798"],"published_time":"2026-03-25T01:17:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20688","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to break out of its sandbox.","cvss":9.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.3,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.0335,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20690","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing an audio stream in a maliciously crafted media file may terminate the process.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.11961,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20691","summary":"An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10361,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799","https://support.apple.com/en-us/126800"],"published_time":"2026-03-25T01:17:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20637","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to cause unexpected system termination.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02623,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796"],"published_time":"2026-03-25T01:17:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20657","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5. Parsing a maliciously crafted file may lead to an unexpected app termination.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14527,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796"],"published_time":"2026-03-25T01:17:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20664","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11301,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126799","https://support.apple.com/en-us/126800"],"published_time":"2026-03-25T01:17:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43534","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2. A user with physical access to an iOS device may be able to bypass Activation Lock.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05512,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/126793"],"published_time":"2026-03-25T01:17:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-32318","summary":"Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 2.8.3.","cvss":7.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.6,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01783,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/cryptomator/ios/commit/98c31280304af65c0932eb547d5fe4be2d16929c","https://github.com/cryptomator/ios/pull/444","https://github.com/cryptomator/ios/releases/tag/2.8.3","https://github.com/cryptomator/ios/security/advisories/GHSA-g7fr-c82r-hm6j"],"published_time":"2026-03-20T19:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20643","summary":"A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may bypass Same Origin Policy.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09652,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126604","https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126799","https://support.apple.com/en-us/126800","http://seclists.org/fulldisclosure/2026/Mar/10"],"published_time":"2026-03-17T23:16:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-43010","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15527,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120300","https://support.apple.com/en-us/120877","https://support.apple.com/en-us/120879","https://support.apple.com/en-us/126632","https://support.apple.com/en-us/126646","http://seclists.org/fulldisclosure/2026/Mar/1"],"published_time":"2026-03-12T01:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30797","summary":"Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files flutter/lib/common.Dart and program routines importConfig() via URI handler.\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":9.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":9.3,"epss":0.00061,"ranking_epss":0.19083,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://rustdesk.com/docs/en/client/","https://www.vulsec.org/"],"published_time":"2026-03-05T16:16:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30798","summary":"Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop, strategy processing modules) allows Protocol Manipulation. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines stop-service handler in heartbeat loop.\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":8.2,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":8.2,"epss":0.00031,"ranking_epss":0.08802,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://rustdesk.com/docs/en/client/","https://www.vulsec.org/"],"published_time":"2026-03-05T16:16:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30793","summary":"Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart, src/flutter_ffi.Rs and program routines URI handler for rustdesk://password/, bind.MainSetPermanentPassword().\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":9.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":9.3,"epss":0.00038,"ranking_epss":0.11414,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://github.com/rustdesk/hbb_common","https://github.com/rustdesk/rustdesk","https://www.vulsec.org/"],"published_time":"2026-03-05T16:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30794","summary":"Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in the Middle (AiTM). This vulnerability is associated with program files src/hbbs_http/http_client.Rs and program routines TLS retry with danger_accept_invalid_certs(true).\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":9.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":9.1,"epss":0.00041,"ranking_epss":0.12343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://github.com/rustdesk/rustdesk","https://www.vulsec.org/"],"published_time":"2026-03-05T16:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30795","summary":"Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop modules) allows Sniffing Attacks. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines Heartbeat JSON payload construction (preset-address-book-password).\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":8.7,"epss":0.00022,"ranking_epss":0.05898,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://github.com/rustdesk/rustdesk","https://www.vulsec.org/"],"published_time":"2026-03-05T16:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30789","summary":"Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Reusing Session IDs (aka Session Replay). This vulnerability is associated with program files src/client.Rs and program routines hash_password(), login proof construction.\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":9.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":9.3,"epss":0.00166,"ranking_epss":0.37732,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://rustdesk.com/docs/en/client/","https://www.vulsec.org/"],"published_time":"2026-03-05T16:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30792","summary":"A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files src/hbbs_http/sync.Rs, hbb_common/src/config.Rs and program routines Strategy merge loop in sync.Rs, Config::set_options().\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":9.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":9.1,"epss":0.00067,"ranking_epss":0.20581,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://rustdesk.com/docs/en/self-host/client-configuration/advanced-settings/","https://www.vulsec.org/"],"published_time":"2026-03-05T16:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30783","summary":"A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_mediator.Rs, src/hbbs_http/sync.Rs and program routines API sync loop, api-server config handling.\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":8.8,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":8.8,"epss":0.00133,"ranking_epss":0.32861,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://rustdesk.com/docs/en/client/","https://www.vulsec.org/"],"published_time":"2026-03-05T16:16:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-30791","summary":"Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler, CLI --config modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files flutter/lib/common.Dart, hbb_common/src/config.Rs and program routines parseRustdeskUri(), importConfig().\n\nThis issue affects RustDesk Client: through 1.4.5.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":8.7,"epss":0.00023,"ranking_epss":0.06114,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","https://rustdesk.com/docs/en/client/","https://www.vulsec.org/"],"published_time":"2026-03-05T15:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20677","summary":"A race condition was addressed with improved handling of symbolic links. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. A shortcut may be able to bypass sandbox restrictions.","cvss":9.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.0,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22402,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20678","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.01919,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347"],"published_time":"2026-02-11T23:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20680","summary":"The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. A sandboxed app may be able to access sensitive user data.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20682","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker may be able to discover a user’s deleted notes.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10615,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347"],"published_time":"2026-02-11T23:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20700","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00352,"ranking_epss":0.57665,"kev":true,"propose_action":"Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20700"],"published_time":"2026-02-11T23:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20667","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, watchOS 26.3. An app may be able to break out of its sandbox.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04681,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126352"],"published_time":"2026-02-11T23:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20671","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to intercept network traffic.","cvss":3.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.1,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.04203,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20673","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. Turning off \"Load remote content in messages” may not apply to all mail previews.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02883,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20674","summary":"A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05933,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346"],"published_time":"2026-02-11T23:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20675","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01759,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353","https://www.zerodayinitiative.com/advisories/ZDI-26-174/"],"published_time":"2026-02-11T23:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20676","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.1057,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126354"],"published_time":"2026-02-11T23:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20652","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37973,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126354"],"published_time":"2026-02-11T23:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20653","summary":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02103,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20654","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20655","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01504,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347"],"published_time":"2026-02-11T23:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20656","summary":"A logic issue was addressed with improved validation. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3. An app may be able to access a user's Safari history.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01652,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126354"],"published_time":"2026-02-11T23:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20660","summary":"A path handling issue was addressed with improved logic. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. A remote user may be able to write arbitrary files.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05097,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126354","https://support.apple.com/en-us/126795"],"published_time":"2026-02-11T23:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20661","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05256,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347"],"published_time":"2026-02-11T23:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20663","summary":"The issue was resolved by sanitizing logging. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to enumerate a user's installed apps.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.0164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347"],"published_time":"2026-02-11T23:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20640","summary":"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with Mac.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05933,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346"],"published_time":"2026-02-11T23:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20641","summary":"A privacy issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to identify what other apps a user has installed.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02221,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20642","summary":"An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. A person with physical access to an iOS device may be able to access photos from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05404,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346"],"published_time":"2026-02-11T23:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20644","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13472,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126354"],"published_time":"2026-02-11T23:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20645","summary":"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05256,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347"],"published_time":"2026-02-11T23:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20649","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3. A user may be able to view sensitive user information.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08132,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352"],"published_time":"2026-02-11T23:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20650","summary":"A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20745,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20626","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02032,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20627","summary":"An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3, watchOS 26.3. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07652,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20628","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to break out of its sandbox.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00011,"ranking_epss":0.01276,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20634","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02221,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20635","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15205,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126354"],"published_time":"2026-02-11T23:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20636","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12471,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126354"],"published_time":"2026-02-11T23:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20638","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03185,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346"],"published_time":"2026-02-11T23:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20615","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08605,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20616","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termination.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126353","https://www.zerodayinitiative.com/advisories/ZDI-26-176/"],"published_time":"2026-02-11T23:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20617","summary":"A race condition was addressed with improved state handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to gain root privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.01963,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20621","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02445,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20605","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to crash a system process.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":9e-05,"ranking_epss":0.00795,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20606","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to bypass certain Privacy preferences.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02199,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20608","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126354"],"published_time":"2026-02-11T23:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20609","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02471,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20611","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01821,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353","https://www.zerodayinitiative.com/advisories/ZDI-26-173/"],"published_time":"2026-02-11T23:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46305","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43537","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08216,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/126347"],"published_time":"2026-02-11T23:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46300","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46301","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46302","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46303","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46304","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01087,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2026-02-11T23:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46306","summary":"The issue was addressed with improved bounds checks. This issue is fixed in Keynote 15.1, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing a maliciously crafted Keynote file may disclose memory contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02482,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/126254"],"published_time":"2026-01-28T18:16:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46316","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in Pages 15.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. Processing a maliciously crafted Pages document may result in unexpected termination or disclosure of process memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/126255"],"published_time":"2026-01-28T18:16:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44238","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to corrupt coprocessor memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":7e-05,"ranking_epss":0.00582,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564"],"published_time":"2026-01-16T18:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54556","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":7e-05,"ranking_epss":0.00593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563"],"published_time":"2026-01-16T18:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24089","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066"],"published_time":"2026-01-16T18:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24090","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":5e-05,"ranking_epss":0.00209,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066"],"published_time":"2026-01-16T18:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-50890","summary":"Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the device.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":8.7,"epss":0.00443,"ranking_epss":0.63351,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://apps.apple.com/us/app/owlfiles-file-manager/id510282524","https://www.exploit-db.com/exploits/51036","https://www.skyjos.com/","https://www.vulncheck.com/advisories/owlfiles-file-manager-path-traversal","https://www.exploit-db.com/exploits/51036"],"published_time":"2026-01-13T23:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-50891","summary":"Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary JavaScript in users' browsers.","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":5.0,"cvss_v4":5.1,"epss":0.00061,"ranking_epss":0.1906,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://apps.apple.com/us/app/owlfiles-file-manager/id510282524","https://www.exploit-db.com/exploits/51036","https://www.skyjos.com/","https://www.vulncheck.com/advisories/owlfiles-file-manager-cross-site-scripting-via-http-server","https://www.exploit-db.com/exploits/51036"],"published_time":"2026-01-13T23:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46286","summary":"A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884"],"published_time":"2026-01-09T22:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46298","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16394,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892"],"published_time":"2026-01-09T22:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46299","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.0606,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892"],"published_time":"2026-01-09T22:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46288","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive payment tokens.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.0157,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891"],"published_time":"2025-12-17T21:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46292","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02362,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885"],"published_time":"2025-12-17T21:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46277","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, watchOS 26.2. An app may be able to access a user’s Safari history.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125890"],"published_time":"2025-12-17T21:16:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46279","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. An app may be able to identify what other apps a user has installed.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05852,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891"],"published_time":"2025-12-17T21:16:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43533","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.154,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2025-12-17T21:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43535","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11341,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892"],"published_time":"2025-12-17T21:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43536","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125892"],"published_time":"2025-12-17T21:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43541","summary":"A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13157,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892"],"published_time":"2025-12-17T21:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43529","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00152,"ranking_epss":0.35896,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43529"],"published_time":"2025-12-17T21:16:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43531","summary":"A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":3.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.1,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.30701,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892"],"published_time":"2025-12-17T21:16:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43501","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00076,"ranking_epss":0.22726,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892"],"published_time":"2025-12-17T21:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43475","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.04836,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884"],"published_time":"2025-12-17T21:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43428","summary":"A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Photos in the Hidden Photos Album may be viewed without authentication.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.3224,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125891"],"published_time":"2025-12-17T21:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43511","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.24937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892"],"published_time":"2025-12-12T21:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43520","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00273,"ranking_epss":0.50777,"kev":true,"propose_action":"Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43520"],"published_time":"2025-12-12T21:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43494","summary":"A mail header parsing issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An attacker may be able to cause a persistent denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00144,"ranking_epss":0.34712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-12-12T21:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43510","summary":"A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may cause unexpected changes in memory shared between processes.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00511,"ranking_epss":0.66483,"kev":true,"propose_action":"Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43510"],"published_time":"2025-12-12T21:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43437","summary":"An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to fingerprint the user.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05785,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632"],"published_time":"2025-12-12T21:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-14174","summary":"Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01047,"ranking_epss":0.77538,"kev":true,"propose_action":"Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/466192044","https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14174"],"published_time":"2025-12-12T20:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31216","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. An attacker with physical access to a device may be able to override managed Wi-Fi profiles.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405"],"published_time":"2025-11-21T22:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43374","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13174,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722"],"published_time":"2025-11-21T22:16:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-13983","summary":"Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity: Low)","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23565,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html","https://issues.chromium.org/issues/379818904"],"published_time":"2025-11-14T03:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9126","summary":"Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a series of curated UI gestures. (Chromium security severity: Medium)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33973,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/349653218"],"published_time":"2025-11-14T03:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43205","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to bypass ASLR.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01501,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-11-12T01:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43418","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05738,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633"],"published_time":"2025-11-05T19:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-43000","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18667,"kev":true,"propose_action":"Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/120324","https://support.apple.com/en-us/120331","https://support.apple.com/en-us/120338","https://support.apple.com/en-us/126632","https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-43000"],"published_time":"2025-11-05T19:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43500","summary":"A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to access sensitive user data.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13304,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43502","summary":"A privacy issue was addressed by removing sensitive data. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. An app may be able to bypass certain Privacy preferences.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13645,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43503","summary":"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Visiting a malicious website may lead to user interface spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11589,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43507","summary":"A privacy issue was addressed by moving sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43480","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11569,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43493","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. Visiting a malicious website may lead to address bar spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10219,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43495","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to monitor keystrokes without user permission.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09782,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633"],"published_time":"2025-11-04T02:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43496","summary":"The issue was addressed by adding additional logic. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19875,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43498","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, visionOS 26.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01785,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43455","summary":"A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. A malicious app may be able to take a screenshot of sensitive information in embedded views.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43457","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14792,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43458","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27699,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43460","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06835,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632"],"published_time":"2025-11-04T02:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43462","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.2224,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43443","summary":"This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.2047,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43444","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to fingerprint the user.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14353,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43445","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14203,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43447","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.04114,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43448","summary":"This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to break out of its sandbox.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07716,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43449","summary":"The issue was addressed with improved handling of caches. This issue is fixed in iOS 26.1 and iPadOS 26.1. A malicious app may be able to track users between installs.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13341,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43450","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to learn information about the current camera view before being granted camera access.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.1373,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43452","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26.1 and iPadOS 26.1. Keyboard suggestions may display sensitive information on the lock screen.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43454","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. A device may persistently fail to lock.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.12896,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43432","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14528,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43433","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43434","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14982,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43435","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14982,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43436","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to enumerate a user's installed apps.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12801,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43438","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14982,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43439","summary":"A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to fingerprint the user.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03069,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43440","summary":"This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19175,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43441","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14982,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43442","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to identify what other apps a user has installed.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02329,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43422","summary":"The issue was addressed by adding additional logic. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a device may be able to disable Stolen Device Protection.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43423","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, visionOS 26.1. An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging.","cvss":2.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.0,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.03868,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43424","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. A malicious HID device may cause an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07066,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43425","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14528,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43426","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05263,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43427","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19975,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43429","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18907,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43430","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26748,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43431","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43407","summary":"This issue was addressed with improved entitlements. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. An app may be able to break out of its sandbox.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02409,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43413","summary":"An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A sandboxed app may be able to observe system-wide network connections.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16572,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43419","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17185,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116"],"published_time":"2025-11-04T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43421","summary":"Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11282,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43392","summary":"The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A website may exfiltrate image data cross-origin.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12365,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43398","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05316,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43379","summary":"This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to access protected user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06043,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43383","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14935,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43384","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14935,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43385","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14935,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43386","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05031,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43389","summary":"A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, visionOS 26.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.04964,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43391","summary":"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43365","summary":"A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26 and iPadOS 26. An unprivileged process may be able to terminate a root processes.","cvss":2.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.8,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125633"],"published_time":"2025-11-04T02:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43376","summary":"A logic issue was addressed with improved state management. This issue is fixed in Safari 26, iOS 18.7.7 and iPadOS 18.7.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00083,"ranking_epss":0.24179,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","https://support.apple.com/en-us/126793"],"published_time":"2025-11-04T02:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43360","summary":"The issue was addressed with improved UI. This issue is fixed in iOS 26 and iPadOS 26. Password fields may be unintentionally revealed.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.03987,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108"],"published_time":"2025-11-04T02:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43361","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A malicious app may be able to read kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.04047,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636"],"published_time":"2025-11-04T02:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43350","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker may be able to view restricted content from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05976,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632"],"published_time":"2025-11-04T02:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43345","summary":"A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01672,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116"],"published_time":"2025-11-04T02:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43338","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Sonoma 14.8.4, macOS Tahoe 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05517,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/126350"],"published_time":"2025-11-04T02:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43323","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to fingerprint the user.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10615,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116"],"published_time":"2025-11-04T02:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43309","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08192,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108"],"published_time":"2025-11-04T02:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43282","summary":"A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02463,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155"],"published_time":"2025-10-15T20:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43280","summary":"The issue was resolved by not loading remote images. This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08489,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147"],"published_time":"2025-10-15T20:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43400","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.1 and iPadOS 18.7.1, iOS 26.0.1 and iPadOS 26.0.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, tvOS 26.1, visionOS 26.0.1, watchOS 26.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00149,"ranking_epss":0.354,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125326","https://support.apple.com/en-us/125327","https://support.apple.com/en-us/125328","https://support.apple.com/en-us/125329","https://support.apple.com/en-us/125330","https://support.apple.com/en-us/125338","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125639","http://seclists.org/fulldisclosure/2025/Sep/73","http://seclists.org/fulldisclosure/2025/Sep/76","http://seclists.org/fulldisclosure/2025/Sep/78"],"published_time":"2025-09-29T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43362","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An app may be able to monitor keystrokes without user permission.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.24946,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/50"],"published_time":"2025-09-15T23:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43368","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16982,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/59","http://www.openwall.com/lists/oss-security/2025/09/22/3"],"published_time":"2025-09-15T23:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43372","summary":"The issue was addressed with improved input validation. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13157,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","https://support.apple.com/en-us/125636","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43349","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted video file may lead to unexpected app termination.","cvss":2.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.8,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03512,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43354","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02932,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43355","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02911,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43356","summary":"The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A website may be able to access sensor information without user consent.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17559,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/59","http://www.openwall.com/lists/oss-security/2025/09/22/3"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43357","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26. An app may be able to fingerprint the user.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03507,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43358","summary":"A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A shortcut may be able to bypass sandbox restrictions.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02824,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43359","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A UDP server socket bound to a local interface may become bound to all interfaces.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.32221,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43342","summary":"A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00332,"ranking_epss":0.56123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/59","http://www.openwall.com/lists/oss-security/2025/09/22/3"],"published_time":"2025-09-15T23:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43343","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37943,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/59","http://www.openwall.com/lists/oss-security/2025/10/13/4","https://access.redhat.com/errata/RHSA-2025:19946","https://security-tracker.debian.org/tracker/CVE-2025-43343","https://ubuntu.com/security/CVE-2025-43343","https://webkitgtk.org/security/WSA-2025-0007.html"],"published_time":"2025-09-15T23:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43344","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to cause unexpected system termination.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05795,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43346","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03067,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43347","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An input validation issue was addressed.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00175,"ranking_epss":0.38997,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43329","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, watchOS 26. An app may be able to break out of its sandbox.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57"],"published_time":"2025-09-15T23:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43317","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01697,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43299","summary":"A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06405,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","http://seclists.org/fulldisclosure/2025/Sep/50","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55"],"published_time":"2025-09-15T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43302","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02911,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/50","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43303","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02441,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43295","summary":"A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03446,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","http://seclists.org/fulldisclosure/2025/Sep/50","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55"],"published_time":"2025-09-15T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43272","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00072,"ranking_epss":0.21988,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/59","http://www.openwall.com/lists/oss-security/2025/09/22/3"],"published_time":"2025-09-15T23:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43190","summary":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02316,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43203","summary":"The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.03971,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/50"],"published_time":"2025-09-15T23:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30468","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 26 and iPadOS 26. Private Browsing tabs may be accessed without authentication.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15625,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","http://seclists.org/fulldisclosure/2025/Sep/49"],"published_time":"2025-09-15T23:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31254","summary":"This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to unexpected URL redirection.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10195,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125113","http://seclists.org/fulldisclosure/2025/Sep/59"],"published_time":"2025-09-15T23:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31255","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, watchOS 26. An app may be able to access sensitive user data.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00112,"ranking_epss":0.29701,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55","http://seclists.org/fulldisclosure/2025/Sep/57"],"published_time":"2025-09-15T23:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43300","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.","cvss":10.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":10.0,"cvss_v4":null,"epss":0.02406,"ranking_epss":0.85101,"kev":true,"propose_action":"Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/124925","https://support.apple.com/en-us/124926","https://support.apple.com/en-us/124927","https://support.apple.com/en-us/124928","https://support.apple.com/en-us/124929","https://support.apple.com/en-us/125141","https://support.apple.com/en-us/125142","http://seclists.org/fulldisclosure/2025/Sep/10","http://seclists.org/fulldisclosure/2025/Sep/14","http://seclists.org/fulldisclosure/2025/Sep/52","https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-43300.md","https://github.com/cisagov/vulnrichment/issues/201","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43300"],"published_time":"2025-08-21T01:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43265","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose internal states of the app.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07598,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/37","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43230","summary":"The issue was addressed with additional permissions checks. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to access user-sensitive data.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.0686,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43234","summary":"Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted texture may lead to unexpected app termination.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00232,"ranking_epss":0.46094,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43221","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05078,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43223","summary":"A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. A non-privileged user may be able to modify restricted network settings.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00194,"ranking_epss":0.41381,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/33","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43224","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05078,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43226","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07776,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/33","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43227","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose sensitive user information.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00214,"ranking_epss":0.43956,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43228","summary":"The issue was addressed with improved UI. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6. Visiting a malicious website may lead to address bar spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18402,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124152","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43209","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00205,"ranking_epss":0.42715,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/33","http://seclists.org/fulldisclosure/2025/Jul/34","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43211","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing web content may lead to a denial-of-service.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06154,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43212","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00127,"ranking_epss":0.32013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43213","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00164,"ranking_epss":0.37416,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43214","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00218,"ranking_epss":0.4447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/36"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43216","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00153,"ranking_epss":0.3606,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43217","summary":"The issue was addressed by adding additional logic. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Privacy Indicators for microphone or camera access may not be correctly displayed.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08282,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/31"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31281","summary":"An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00162,"ranking_epss":0.37072,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43186","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Parsing a file may lead to an unexpected app termination.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00238,"ranking_epss":0.4692,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/33","http://seclists.org/fulldisclosure/2025/Jul/34","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24224","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.9, macOS Sequoia 15.5, macOS Ventura 13.7.7, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may be able to cause unexpected system termination.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00365,"ranking_epss":0.58545,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124151","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/34"],"published_time":"2025-07-30T00:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31229","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may be read aloud by VoiceOver.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00115,"ranking_epss":0.30077,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","http://seclists.org/fulldisclosure/2025/Jul/30"],"published_time":"2025-07-30T00:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31273","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.34248,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31276","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18414,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","http://seclists.org/fulldisclosure/2025/Jul/31"],"published_time":"2025-07-30T00:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31277","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00176,"ranking_epss":0.39153,"kev":true,"propose_action":"Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277"],"published_time":"2025-07-30T00:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31278","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00142,"ranking_epss":0.34446,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-6558","summary":"Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37984,"kev":true,"propose_action":"Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/427162086","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/37","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6558"],"published_time":"2025-07-15T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43200","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, visionOS 2.3.1, watchOS 11.3.1. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"cvss_v4":null,"epss":0.00902,"ranking_epss":0.75733,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/122173","https://support.apple.com/en-us/122174","https://support.apple.com/en-us/122345","https://support.apple.com/en-us/122346","https://support.apple.com/en-us/122900","https://support.apple.com/en-us/122901","https://support.apple.com/en-us/122902","https://support.apple.com/en-us/122903","https://support.apple.com/en-us/122904","https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43200"],"published_time":"2025-06-16T22:16:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30466","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. A website may be able to bypass Same Origin Policy.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00178,"ranking_epss":0.39448,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379"],"published_time":"2025-05-29T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31199","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.8.2, visionOS 2.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26551,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/125636"],"published_time":"2025-05-29T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31185","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00164,"ranking_epss":0.37387,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066"],"published_time":"2025-05-19T16:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31262","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00088,"ranking_epss":0.25115,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073"],"published_time":"2025-05-19T16:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24184","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27049,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073"],"published_time":"2025-05-19T16:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24189","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00912,"ranking_epss":0.75893,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122074","http://www.openwall.com/lists/oss-security/2025/08/02/1"],"published_time":"2025-05-19T16:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31251","summary":"The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23959,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31253","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio being silenced.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00244,"ranking_epss":0.47773,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","http://seclists.org/fulldisclosure/2025/May/5"],"published_time":"2025-05-12T22:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31257","summary":"This issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00799,"ranking_epss":0.74073,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31238","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.0126,"ranking_epss":0.79442,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31239","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to an unexpected app termination.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00598,"ranking_epss":0.69436,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31241","summary":"A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may cause an unexpected app termination.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00845,"ranking_epss":0.7482,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31245","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31223","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00522,"ranking_epss":0.66909,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31225","summary":"A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps may still appear in spotlight search results.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00259,"ranking_epss":0.49307,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","http://seclists.org/fulldisclosure/2025/May/5"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31226","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted image may lead to a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18925,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31227","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access a deleted call recording.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34547,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","http://seclists.org/fulldisclosure/2025/May/5"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31228","summary":"The issue was addressed with improved authentication. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. An attacker with physical access to a device may be able to access notes from the lock screen.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.0014,"ranking_epss":0.34229,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31233","summary":"The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.0051,"ranking_epss":0.66444,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31234","summary":"The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00523,"ranking_epss":0.6695,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31209","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to disclosure of user information.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00528,"ranking_epss":0.67191,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31210","summary":"The issue was addressed with improved UI. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00307,"ranking_epss":0.53999,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31212","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22068,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31214","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00268,"ranking_epss":0.50359,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","http://seclists.org/fulldisclosure/2025/May/5"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31215","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01121,"ranking_epss":0.78281,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31217","summary":"The issue was addressed with improved input validation. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00759,"ranking_epss":0.73366,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31219","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.005,"ranking_epss":0.65981,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31221","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may be able to leak memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00764,"ranking_epss":0.73473,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31222","summary":"A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A user may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20638,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30448","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, visionOS 2.5. An attacker may be able to turn on sharing of an iCloud folder without authentication.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00542,"ranking_epss":0.67725,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122721","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31204","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00666,"ranking_epss":0.7128,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31205","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A malicious website may exfiltrate data cross-origin.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37941,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31206","summary":"A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.01111,"ranking_epss":0.78183,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31207","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.00117,"ranking_epss":0.3039,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","http://seclists.org/fulldisclosure/2025/May/5"],"published_time":"2025-05-12T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31208","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to an unexpected app termination.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01028,"ranking_epss":0.77341,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24223","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.0023,"ranking_epss":0.459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24225","summary":"An injection issue was addressed with improved input validation. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. Processing an email may lead to user interface spoofing.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00181,"ranking_epss":0.39812,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","http://seclists.org/fulldisclosure/2025/May/6"],"published_time":"2025-05-12T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30436","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00387,"ranking_epss":0.59885,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371"],"published_time":"2025-05-12T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24111","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35293,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122405","http://seclists.org/fulldisclosure/2025/May/6"],"published_time":"2025-05-12T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24144","summary":"An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to leak sensitive kernel state.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00157,"ranking_epss":0.36491,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24220","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.9. An app may be able to read a persistent device identifier.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00077,"ranking_epss":0.2291,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/124148","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/May/6"],"published_time":"2025-05-12T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24091","summary":"An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00259,"ranking_epss":0.49293,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121838","https://support.apple.com/en-us/122066"],"published_time":"2025-04-30T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31202","summary":"A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.2089,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31203","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may be able to cause a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00195,"ranking_epss":0.41496,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24179","summary":"A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to cause a denial-of-service.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48727,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24206","summary":"An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26172,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24251","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may cause an unexpected app termination.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00228,"ranking_epss":0.45572,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24252","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00101,"ranking_epss":0.27767,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","https://github.com/cakescats/airborn-IOS-CVE-2025-24252/blob/main/airborn_arts_CVE-2025-24252_extractor.sh"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24270","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to leak sensitive user information.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0013,"ranking_epss":0.32508,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24271","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without pairing.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00218,"ranking_epss":0.44485,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30445","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00195,"ranking_epss":0.41496,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31197","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35692,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31200","summary":"A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02105,"ranking_epss":0.84111,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/122282","https://support.apple.com/en-us/122400","https://support.apple.com/en-us/122401","https://support.apple.com/en-us/122402","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/Apr/26","http://seclists.org/fulldisclosure/2025/Jun/14","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/Oct/0","http://seclists.org/fulldisclosure/2025/Oct/4","https://blog.noahhw.dev/posts/cve-2025-31200/","https://news.ycombinator.com/item?id=44161894","https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201/blob/main/Remote%20Crypto%20Attack%20Chain%20.md","https://github.com/cisagov/vulnrichment/issues/200","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31200"],"published_time":"2025-04-16T19:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31201","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02313,"ranking_epss":0.84795,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/122282","https://support.apple.com/en-us/122400","https://support.apple.com/en-us/122401","https://support.apple.com/en-us/122402","http://seclists.org/fulldisclosure/2025/Apr/26","http://seclists.org/fulldisclosure/2025/Jun/14","http://seclists.org/fulldisclosure/2025/Oct/0","http://seclists.org/fulldisclosure/2025/Oct/3","http://seclists.org/fulldisclosure/2025/Oct/4","https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201/blob/main/Remote%20Crypto%20Attack%20Chain%20.md","https://github.com/cisagov/vulnrichment/issues/200","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31201"],"published_time":"2025-04-16T19:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42970","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00467,"ranking_epss":0.64493,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120330","https://support.apple.com/en-us/120947","https://support.apple.com/en-us/120948","https://support.apple.com/en-us/120949","https://support.apple.com/en-us/120950"],"published_time":"2025-04-11T15:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42973","summary":"Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and iPadOS 17. The issue was addressed with improved UI.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17878,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120949"],"published_time":"2025-04-11T15:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42977","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to break out of its sandbox.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00153,"ranking_epss":0.36052,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120949","https://support.apple.com/en-us/120950"],"published_time":"2025-04-11T15:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38614","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive user data.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00125,"ranking_epss":0.31708,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120949","https://support.apple.com/en-us/120950"],"published_time":"2025-04-11T15:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42875","summary":"Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00289,"ranking_epss":0.5239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120330","https://support.apple.com/en-us/120947","https://support.apple.com/en-us/120948","https://support.apple.com/en-us/120949","https://support.apple.com/en-us/120950"],"published_time":"2025-04-11T15:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42961","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. A sandboxed process may be able to circumvent sandbox restrictions.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00375,"ranking_epss":0.59181,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120328","https://support.apple.com/en-us/120329","https://support.apple.com/en-us/120337","https://support.apple.com/en-us/120949","https://support.apple.com/en-us/120950"],"published_time":"2025-04-11T15:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42969","summary":"An app may be able to break out of its sandbox. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. The issue was addressed with improved handling of caches.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20355,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120328","https://support.apple.com/en-us/120329","https://support.apple.com/en-us/120337","https://support.apple.com/en-us/120949","https://support.apple.com/en-us/120950"],"published_time":"2025-04-11T15:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31191","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00092,"ranking_epss":0.2572,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9","https://www.microsoft.com/en-us/security/blog/2025/05/01/analyzing-cve-2025-31191-a-macos-security-scoped-bookmarks-based-sandbox-escape/"],"published_time":"2025-03-31T23:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31192","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00239,"ranking_epss":0.47035,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30469","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00101,"ranking_epss":0.27914,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","http://seclists.org/fulldisclosure/2025/Apr/4"],"published_time":"2025-03-31T23:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30470","summary":"A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22133,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30471","summary":"A validation issue was addressed with improved logic. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A remote user may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00989,"ranking_epss":0.76912,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31182","summary":"This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to delete files for which it does not have permission.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00704,"ranking_epss":0.72128,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31183","summary":"The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00717,"ranking_epss":0.72434,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31184","summary":"This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. An app may gain unauthorized access to Local Network.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26604,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30456","summary":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20384,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30463","summary":"The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22202,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30467","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, watchOS 11.4. Visiting a malicious website may lead to address bar spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00307,"ranking_epss":0.53943,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30447","summary":"The issue was resolved by sanitizing logging. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28471,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30454","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. A malicious app may be able to access private information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30427","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.01119,"ranking_epss":0.7826,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30428","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Photos in the Hidden Photos Album may be viewed without authentication.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26146,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30429","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00109,"ranking_epss":0.29126,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30430","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. Password autofill may fill in passwords after failing authentication.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00515,"ranking_epss":0.66655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30432","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures.","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"cvss_v4":null,"epss":0.00411,"ranking_epss":0.61437,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30433","summary":"This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00627,"ranking_epss":0.70263,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30434","summary":"The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.4 and iPadOS 18.4. Processing a maliciously crafted file may lead to a cross site scripting attack.","cvss":5.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.0,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","http://seclists.org/fulldisclosure/2025/Apr/4"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30438","summary":"This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00072,"ranking_epss":0.21832,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9","https://support.apple.com/en-us/122376"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30439","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.40811,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24283","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.25927,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30425","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. A malicious website may be able to track users in Safari private browsing mode.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00399,"ranking_epss":0.60672,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30426","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to enumerate a user's installed apps.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00833,"ranking_epss":0.7463,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24264","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01384,"ranking_epss":0.80343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-31T23:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24257","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination or write kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00091,"ranking_epss":0.25638,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24238","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to gain elevated privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00808,"ranking_epss":0.74234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24243","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26787,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24244","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28471,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24230","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Playing a malicious audio file may lead to an unexpected app termination.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00773,"ranking_epss":0.7362,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24237","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02455,"ranking_epss":0.85236,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24211","summary":"This issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00773,"ranking_epss":0.7362,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24212","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00109,"ranking_epss":0.29126,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24213","summary":"This issue was addressed with improved handling of floats. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A type confusion issue could lead to memory corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00126,"ranking_epss":0.31864,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24214","summary":"A privacy issue was addressed by not logging contents of text fields. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26246,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24216","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00821,"ranking_epss":0.74446,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24217","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26421,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24221","summary":"This issue was addressed with improved data access restriction. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, visionOS 2.4. Sensitive keychain data may be accessible from an iOS backup.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00419,"ranking_epss":0.61943,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24198","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.00204,"ranking_epss":0.42623,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24202","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00083,"ranking_epss":0.24306,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24205","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26246,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24208","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00315,"ranking_epss":0.54633,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-31T23:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24209","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.02557,"ranking_epss":0.85531,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-31T23:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24210","summary":"A logic error was addressed with improved error handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Parsing an image may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16283,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24180","summary":"The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00396,"ranking_epss":0.60452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24182","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24190","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00773,"ranking_epss":0.7362,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24192","summary":"A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. Visiting a website may leak sensitive data.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00323,"ranking_epss":0.55377,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24193","summary":"This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker with a USB-C connection to an unlocked device may be able to programmatically access photos.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.23462,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","http://seclists.org/fulldisclosure/2025/Apr/4"],"published_time":"2025-03-31T23:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24194","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may result in the disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01074,"ranking_epss":0.77806,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24095","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4. An app may be able to bypass Privacy preferences.","cvss":7.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.6,"cvss_v4":null,"epss":0.00196,"ranking_epss":0.41586,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/4"],"published_time":"2025-03-31T23:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24097","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to read arbitrary file metadata.","cvss":5.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.0,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17231,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122405","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9","http://seclists.org/fulldisclosure/2025/May/6"],"published_time":"2025-03-31T23:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24167","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, watchOS 11.4. A download's origin may be incorrectly associated.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00626,"ranking_epss":0.70254,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24173","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19122,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24178","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to break out of its sandbox.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00666,"ranking_epss":0.71274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54551","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing web content may lead to a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00504,"ranking_epss":0.66196,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-21T00:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54564","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, visionOS 1.3. A file received from AirDrop may not have the quarantine flag applied.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00144,"ranking_epss":0.34673,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120915"],"published_time":"2025-03-21T00:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44276","summary":"This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.0007,"ranking_epss":0.2158,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837"],"published_time":"2025-03-17T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54525","summary":"A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01656,"ranking_epss":0.82084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845"],"published_time":"2025-03-17T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24201","summary":"An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).","cvss":10.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":10.0,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.24907,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/122281","https://support.apple.com/en-us/122283","https://support.apple.com/en-us/122284","https://support.apple.com/en-us/122285","https://support.apple.com/en-us/122345","https://support.apple.com/en-us/122346","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122376","http://seclists.org/fulldisclosure/2025/Apr/16","http://seclists.org/fulldisclosure/2025/Apr/7","http://seclists.org/fulldisclosure/2025/Jun/19","http://seclists.org/fulldisclosure/2025/Mar/2","http://seclists.org/fulldisclosure/2025/Mar/3","http://seclists.org/fulldisclosure/2025/Mar/4","http://seclists.org/fulldisclosure/2025/Mar/5","http://seclists.org/fulldisclosure/2025/Oct/1","http://seclists.org/fulldisclosure/2025/Oct/31","https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201","https://github.com/cisagov/vulnrichment/issues/194","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24201"],"published_time":"2025-03-11T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-43454","summary":"A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00108,"ranking_epss":0.29041,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/102741","https://support.apple.com/en-us/102807","https://support.apple.com/en-us/102808","https://support.apple.com/en-us/102836"],"published_time":"2025-03-10T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-48610","summary":"This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15657,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/102741","https://support.apple.com/en-us/102807","https://support.apple.com/en-us/102808"],"published_time":"2025-03-10T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44192","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00209,"ranking_epss":0.43391,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121241","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-10T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44227","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0018,"ranking_epss":0.39622,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121250"],"published_time":"2025-03-10T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54467","summary":"A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00208,"ranking_epss":0.43254,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121241","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-10T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54469","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. A local user may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23852,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250"],"published_time":"2025-03-10T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54558","summary":"A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library.","cvss":2.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.8,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16578,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121250"],"published_time":"2025-03-10T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54560","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, watchOS 11. A malicious app may be able to modify other apps without having App Management permission.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22704,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121250"],"published_time":"2025-03-10T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44179","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a device may be able to read contact numbers from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00102,"ranking_epss":0.2804,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121250"],"published_time":"2025-03-10T19:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27424","summary":"Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability was fixed in Firefox for iOS 136.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00379,"ranking_epss":0.59463,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1945392","https://www.mozilla.org/security/advisories/mfsa2025-13/"],"published_time":"2025-03-04T14:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27425","summary":"Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00308,"ranking_epss":0.54049,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1941525","https://www.mozilla.org/security/advisories/mfsa2025-13/"],"published_time":"2025-03-04T14:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-27426","summary":"Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00322,"ranking_epss":0.55261,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1933079","https://www.mozilla.org/security/advisories/mfsa2025-13/"],"published_time":"2025-03-04T14:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24200","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.47285,"ranking_epss":0.97699,"kev":true,"propose_action":"Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/122173","https://support.apple.com/en-us/122174","https://support.apple.com/en-us/122345","https://support.apple.com/en-us/122346","http://seclists.org/fulldisclosure/2025/Apr/7","http://seclists.org/fulldisclosure/2025/Feb/7","http://seclists.org/fulldisclosure/2025/Feb/8","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24200"],"published_time":"2025-02-10T19:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54658","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00217,"ranking_epss":0.44328,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120894","https://support.apple.com/en-us/120895"],"published_time":"2025-02-10T19:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27859","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00256,"ranking_epss":0.49071,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895"],"published_time":"2025-02-10T19:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24161","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.1288,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24162","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01179,"ranking_epss":0.78768,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122074","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/20","https://lists.debian.org/debian-lts-announce/2025/02/msg00014.html"],"published_time":"2025-01-27T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24163","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sequoia 15.4, macOS Sonoma 14.7.3, tvOS 18.3, tvOS 18.4, visionOS 2.3, visionOS 2.4, watchOS 11.3, watchOS 11.4. Parsing a file may lead to an unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07623,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24177","summary":"A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker on the local network may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0022,"ranking_epss":0.44697,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15"],"published_time":"2025-01-27T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24149","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12047,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24150","summary":"A privacy issue was addressed with improved handling of files. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. Copying a URL from Web Inspector may lead to command injection.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00308,"ranking_epss":0.54049,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122074","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/20","https://lists.debian.org/debian-lts-announce/2025/02/msg00014.html"],"published_time":"2025-01-27T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24154","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, visionOS 2.3. An attacker may be able to cause unexpected system termination or corrupt kernel memory.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00305,"ranking_epss":0.5382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17"],"published_time":"2025-01-27T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24158","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0086,"ranking_epss":0.75065,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122074","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/20","https://lists.debian.org/debian-lts-announce/2025/02/msg00014.html"],"published_time":"2025-01-27T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24159","summary":"A validation issue was addressed with improved logic. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19694,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24160","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42374,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24131","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to cause a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35226,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24137","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3. An attacker on the local network may corrupt process memory.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13064,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24141","summary":"An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3. An attacker with physical access to an unlocked device may be able to access Photos while the app is locked.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","http://seclists.org/fulldisclosure/2025/Jan/13"],"published_time":"2025-01-27T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24145","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. An app may be able to view a contact's phone number in system logs.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.21004,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15"],"published_time":"2025-01-27T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24123","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00177,"ranking_epss":0.39237,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24124","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24126","summary":"An input validation issue was addressed. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to corrupt process memory.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00125,"ranking_epss":0.31731,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24127","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3. Parsing a file may lead to an unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02512,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24128","summary":"The issue was addressed by adding additional logic. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. Visiting a malicious website may lead to address bar spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0014,"ranking_epss":0.3415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122074","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/20"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24129","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may cause an unexpected app termination.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00114,"ranking_epss":0.30002,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24107","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3. A malicious app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02328,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24113","summary":"The issue was addressed with improved UI. This issue is fixed in Safari 18.3, Safari 18.4, iOS 18.3 and iPadOS 18.3, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sequoia 15.4, visionOS 2.3, visionOS 2.4, watchOS 11.4. Visiting a malicious website may lead to user interface spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00123,"ranking_epss":0.31478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122074","https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/20"],"published_time":"2025-01-27T22:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24117","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, visionOS 2.3, watchOS 11.3. An app may be able to fingerprint the user.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.0219,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/18"],"published_time":"2025-01-27T22:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24086","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing an image may lead to a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03672,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24104","summary":"This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a maliciously crafted backup file may lead to modification of protected system files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.03852,"ranking_epss":0.88214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","http://seclists.org/fulldisclosure/2025/Jan/14"],"published_time":"2025-01-27T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54541","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845"],"published_time":"2025-01-27T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54542","summary":"An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, watchOS 11.2. Private Browsing tabs may be accessed without authentication.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00178,"ranking_epss":0.39364,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121846"],"published_time":"2025-01-27T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54543","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.3464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","https://support.apple.com/en-us/122372","http://seclists.org/fulldisclosure/2025/Apr/5"],"published_time":"2025-01-27T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54550","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839"],"published_time":"2025-01-27T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24085","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.","cvss":10.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":10.0,"cvss_v4":null,"epss":0.14832,"ranking_epss":0.94529,"kev":true,"propose_action":"Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/9","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/19","http://seclists.org/fulldisclosure/2025/Jun/19","http://seclists.org/fulldisclosure/2025/Oct/1","http://seclists.org/fulldisclosure/2025/Oct/23","http://seclists.org/fulldisclosure/2025/Oct/30","http://seclists.org/fulldisclosure/2025/Oct/31","https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201","https://github.com/cisagov/vulnrichment/issues/194","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24085"],"published_time":"2025-01-27T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54517","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18379,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844"],"published_time":"2025-01-27T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54518","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844"],"published_time":"2025-01-27T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54522","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17903,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844"],"published_time":"2025-01-27T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54523","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00161,"ranking_epss":0.36958,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844"],"published_time":"2025-01-27T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54530","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, visionOS 2.2, watchOS 11.2. Password autofill may fill in passwords after failing authentication.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00172,"ranking_epss":0.38618,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121845"],"published_time":"2025-01-27T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54468","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to break out of its sandbox.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14261,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54478","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.4, macOS Sequoia 15.2, macOS Sonoma 14.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00322,"ranking_epss":0.55304,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/122067","http://seclists.org/fulldisclosure/2025/Jan/14"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54488","summary":"A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Photos in the Hidden Photos Album may be viewed without authentication.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00209,"ranking_epss":0.43313,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54497","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.4, macOS Sequoia 15.2, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35335,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54499","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00173,"ranking_epss":0.38753,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54507","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An attacker with user privileges may be able to read kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00127,"ranking_epss":0.31979,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54512","summary":"The issue was addressed by removing the relevant flags. This issue is fixed in iOS 18.2 and iPadOS 18.2, watchOS 11.2. A system binary could be used to fingerprint a user's Apple Account.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00101,"ranking_epss":0.27886,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121843"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38009","summary":"IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18235,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.ibm.com/support/pages/node/7172691","https://www.ibm.com/support/pages/node/7172692"],"published_time":"2025-01-26T16:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54470","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contacts from the lock screen.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00132,"ranking_epss":0.327,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121567"],"published_time":"2025-01-15T20:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54535","summary":"A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An attacker with access to calendar data could also read reminders.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00278,"ranking_epss":0.51235,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566"],"published_time":"2025-01-15T20:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27856","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a file may lead to unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906"],"published_time":"2025-01-15T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40771","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16867,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906"],"published_time":"2025-01-15T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40839","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28633,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120905"],"published_time":"2025-01-15T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40854","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00241,"ranking_epss":0.47434,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121570"],"published_time":"2025-01-15T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44136","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00302,"ranking_epss":0.53607,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120905"],"published_time":"2025-01-15T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-53647","summary":"Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.2648,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpcenter.trendmicro.com/en-us/article/tmka-06710"],"published_time":"2024-12-31T16:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54538","summary":"A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A remote attacker may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01986,"ranking_epss":0.83631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570"],"published_time":"2024-12-20T01:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54534","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0107,"ranking_epss":0.77765,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","https://support.apple.com/en-us/122372","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/13","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2025/Apr/5","https://security.netapp.com/advisory/ntap-20250418-0002/"],"published_time":"2024-12-12T02:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54503","summary":"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled.","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"cvss_v4":null,"epss":0.00122,"ranking_epss":0.31349,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","http://seclists.org/fulldisclosure/2024/Dec/5"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54505","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00587,"ranking_epss":0.69153,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/13","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","https://lists.debian.org/debian-lts-announce/2025/01/msg00002.html"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54508","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01383,"ranking_epss":0.80334,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","https://support.apple.com/en-us/122372","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/13","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2025/Apr/5","https://lists.debian.org/debian-lts-announce/2025/01/msg00002.html"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54510","summary":"A race condition was addressed with improved locking. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to leak sensitive kernel state.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.08951,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54513","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07095,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54514","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to break out of its sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.1372,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54526","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. A malicious app may be able to access private information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00458,"ranking_epss":0.64011,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54527","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00108,"ranking_epss":0.29096,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54486","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00162,"ranking_epss":0.37175,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/8"],"published_time":"2024-12-12T02:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54492","summary":"This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00213,"ranking_epss":0.4388,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7"],"published_time":"2024-12-12T02:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54494","summary":"A race condition was addressed with additional validation. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An attacker may be able to create a read-only memory mapping that can be written to.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00211,"ranking_epss":0.437,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/8"],"published_time":"2024-12-12T02:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54500","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08939,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54501","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted file may lead to a denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.0925,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54502","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.07285,"ranking_epss":0.91683,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","https://support.apple.com/en-us/122372","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/13","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2025/Apr/5","https://lists.debian.org/debian-lts-announce/2025/01/msg00002.html"],"published_time":"2024-12-12T02:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54479","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.007,"ranking_epss":0.7203,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/13","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","https://lists.debian.org/debian-lts-announce/2025/01/msg00002.html"],"published_time":"2024-12-12T02:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54485","summary":"The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15998,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","http://seclists.org/fulldisclosure/2024/Dec/6"],"published_time":"2024-12-12T02:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44245","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, visionOS 2.2. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.04035,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/8"],"published_time":"2024-12-12T02:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44246","summary":"The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.31639,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121846","http://seclists.org/fulldisclosure/2024/Dec/13","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7"],"published_time":"2024-12-12T02:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44290","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, watchOS 11.1. An app may be able to determine a user’s current location.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21709,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565"],"published_time":"2024-12-12T02:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44299","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00515,"ranking_epss":0.66662,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564"],"published_time":"2024-12-12T02:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44200","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23266,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564"],"published_time":"2024-12-12T02:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44201","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iPadOS 17.7.3, macOS Sequoia 15.1, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Processing a malicious crafted file may lead to a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05455,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/8","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44212","summary":"A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.0018,"ranking_epss":0.39608,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121571"],"published_time":"2024-12-12T02:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44225","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05941,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/8"],"published_time":"2024-12-12T02:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44241","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00774,"ranking_epss":0.7364,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564"],"published_time":"2024-12-12T02:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44242","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00774,"ranking_epss":0.7364,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564"],"published_time":"2024-12-12T02:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44308","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01547,"ranking_epss":0.81441,"kev":true,"propose_action":"Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/121752","https://support.apple.com/en-us/121753","https://support.apple.com/en-us/121754","https://support.apple.com/en-us/121755","https://support.apple.com/en-us/121756","http://seclists.org/fulldisclosure/2024/Nov/16","https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-44308"],"published_time":"2024-11-20T00:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44309","summary":"A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.01274,"ranking_epss":0.7956,"kev":true,"propose_action":"Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/121752","https://support.apple.com/en-us/121753","https://support.apple.com/en-us/121754","https://support.apple.com/en-us/121755","https://support.apple.com/en-us/121756","http://seclists.org/fulldisclosure/2024/Nov/16","https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-44309"],"published_time":"2024-11-20T00:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-11115","summary":"Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00677,"ranking_epss":0.71534,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/371929521"],"published_time":"2024-11-12T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44232","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570"],"published_time":"2024-11-01T21:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44233","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570"],"published_time":"2024-11-01T21:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44234","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570"],"published_time":"2024-11-01T21:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44240","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33897,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16"],"published_time":"2024-10-28T22:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44145","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10096,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121250"],"published_time":"2024-10-28T22:15:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44217","summary":"A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in iOS 18 and iPadOS 18. Password autofill may fill in passwords after failing authentication.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00342,"ranking_epss":0.56927,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250"],"published_time":"2024-10-28T22:15:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44302","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14714,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44278","summary":"An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1. A sandboxed app may be able to access sensitive user data in system logs.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17579,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/14","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44282","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a file may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00231,"ranking_epss":0.45945,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44285","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01372,"ranking_epss":0.80255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121569","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44296","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00664,"ranking_epss":0.71234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121571","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/19","http://seclists.org/fulldisclosure/2024/Oct/9","https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"],"published_time":"2024-10-28T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44297","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing a maliciously crafted message may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00482,"ranking_epss":0.65189,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44255","summary":"A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A malicious app may be able to run arbitrary shortcuts without user consent.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17551,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44258","summary":"This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.01677,"ranking_epss":0.82206,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121569","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44259","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1. An attacker may be able to misuse a trust relationship to download malicious content.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00244,"ranking_epss":0.47758,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121571","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/19","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44261","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19281,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121567","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44263","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17066,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44269","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1. A malicious app may use shortcuts to access restricted files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.04974,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/14","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44273","summary":"This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A malicious app may be able to access private information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14741,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44274","summary":"The issue was addressed with improved authentication. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. An attacker with physical access to a locked device may be able to view sensitive user information.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00156,"ranking_epss":0.3634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121567","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/14","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44277","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13136,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121569","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44215","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing an image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05473,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44218","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06203,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44229","summary":"An information leakage was addressed with additional validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1. Private browsing may leak some browsing history.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00169,"ranking_epss":0.38096,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121571","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/19","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44235","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24675,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44239","summary":"An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. An app may be able to leak sensitive kernel state.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05707,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44244","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00279,"ranking_epss":0.51364,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121571","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/19","http://seclists.org/fulldisclosure/2024/Oct/9","https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44251","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21284,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44252","summary":"A logic issue was addressed with improved file handling. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16914,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121569","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44254","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, watchOS 11.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05494,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/14","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44123","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. A malicious app with root privileges may be able to access keyboard input and location information without user consent.","cvss":2.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.3,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16412,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121250"],"published_time":"2024-10-28T21:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44126","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7.1, visionOS 2. Processing a maliciously crafted file may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.0842,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","https://support.apple.com/en-us/121568","http://seclists.org/fulldisclosure/2024/Oct/13"],"published_time":"2024-10-28T21:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44144","summary":"A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, visionOS 2, watchOS 11. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05151,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/12"],"published_time":"2024-10-28T21:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44155","summary":"A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, iOS 18 and iPadOS 18, macOS Sequoia 15, watchOS 11. Maliciously crafted web content may violate iframe sandboxing policy.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00137,"ranking_epss":0.33469,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121241","https://support.apple.com/en-us/121250","https://support.apple.com/en-us/121567","http://seclists.org/fulldisclosure/2024/Oct/10"],"published_time":"2024-10-28T21:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44194","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/14","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40851","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contact photos from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00167,"ranking_epss":0.37914,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40853","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to use Siri to enable Auto-Answer Calls.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00173,"ranking_epss":0.38721,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250"],"published_time":"2024-10-28T21:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40867","summary":"A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox.","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.01599,"ranking_epss":0.81731,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44185","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"],"published_time":"2024-10-24T17:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44205","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A sandboxed app may be able to access sensitive user data in system logs.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.23486,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912"],"published_time":"2024-10-24T17:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44206","summary":"An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A user may be able to bypass some web content restrictions.","cvss":9.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.3,"cvss_v4":null,"epss":0.00465,"ranking_epss":0.64415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Nov/6"],"published_time":"2024-10-24T17:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9957","summary":"Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00397,"ranking_epss":0.60591,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/358151317"],"published_time":"2024-10-15T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9961","summary":"Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00397,"ranking_epss":0.60591,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/357776197"],"published_time":"2024-10-15T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44204","summary":"A logic issue was addressed with improved validation. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. A user's saved passwords may be read aloud by VoiceOver.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01959,"ranking_epss":0.83531,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121373","http://seclists.org/fulldisclosure/2024/Oct/1"],"published_time":"2024-10-04T00:15:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44207","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.07524,"ranking_epss":0.91829,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121373","http://seclists.org/fulldisclosure/2024/Oct/1"],"published_time":"2024-10-04T00:15:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-43201","summary":"The Planet Fitness Workouts iOS and Android mobile apps fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information. Planet Fitness first addressed this vulnerability in version 9.8.12 (released on 2024-07-25) and more recently in version 9.9.13 (released on 2025-02-11).","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":8.7,"epss":0.00128,"ranking_epss":0.32172,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://apps.apple.com/us/app/planet-fitness-workouts/id399857015","https://dontvacuum.me/bugs/pf/"],"published_time":"2024-09-23T20:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8909","summary":"Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00126,"ranking_epss":0.31902,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html","https://issues.chromium.org/issues/341353783"],"published_time":"2024-09-17T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44187","summary":"A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00539,"ranking_epss":0.67625,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121241","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/37","https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"],"published_time":"2024-09-17T00:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44191","summary":"This issue was addressed through improved state management. This issue is fixed in Xcode 16, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. An app may gain unauthorized access to Bluetooth.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06508,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121239","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/39"],"published_time":"2024-09-17T00:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44198","summary":"An integer overflow was addressed through improved input validation. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11263,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36"],"published_time":"2024-09-17T00:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44202","summary":"An authentication issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00388,"ranking_epss":0.5992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121241","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44164","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to bypass Privacy preferences.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.052,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44165","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. Network traffic may leak outside a VPN tunnel.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00375,"ranking_epss":0.59181,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44167","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. An app may be able to overwrite arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00226,"ranking_epss":0.4539,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44169","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29408,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44170","summary":"A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, watchOS 11. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18192,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/35"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44171","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, watchOS 11. An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/35","http://seclists.org/fulldisclosure/2024/Sep/39"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44176","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. Processing an image may lead to a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00321,"ranking_epss":0.55187,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44180","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00167,"ranking_epss":0.37914,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44183","summary":"A logic error was addressed with improved error handling. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06534,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44184","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12751,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44131","summary":"This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0017,"ranking_epss":0.38185,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33"],"published_time":"2024-09-17T00:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44139","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00091,"ranking_epss":0.25585,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44147","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19256,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44158","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. A shortcut may output sensitive user data without consent.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40844","summary":"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to observe data displayed to the user by Shortcuts.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40850","summary":"A file access issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07746,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40852","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00145,"ranking_epss":0.34835,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40856","summary":"An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18. An attacker may be able to force a device to disconnect from a secure network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00135,"ranking_epss":0.3321,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/34"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40857","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to universal cross site scripting.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.358,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121241","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/37"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40863","summary":"This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20187,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44124","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A malicious Bluetooth input device may bypass pairing.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02085,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44127","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00136,"ranking_epss":0.33347,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/39"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27876","summary":"A race condition was addressed with improved locking. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.12851,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27879","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00164,"ranking_epss":0.37386,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/39"],"published_time":"2024-09-17T00:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27880","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, tvOS 18, visionOS 2, watchOS 11. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04743,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40"],"published_time":"2024-09-17T00:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40791","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access information about a user's contacts.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40826","summary":"A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13267,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33"],"published_time":"2024-09-17T00:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40830","summary":"This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to enumerate a user's installed apps.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.0007,"ranking_epss":0.21445,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40840","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20211,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27869","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00134,"ranking_epss":0.3312,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33"],"published_time":"2024-09-17T00:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27874","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00189,"ranking_epss":0.40738,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32"],"published_time":"2024-09-17T00:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7533","summary":"Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00331,"ranking_epss":0.56073,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/353552540"],"published_time":"2024-08-06T21:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6988","summary":"Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00274,"ranking_epss":0.50868,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/349198731"],"published_time":"2024-08-06T16:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40829","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Ventura 13.6.8, watchOS 10.6. An attacker may be able to view restricted content from the lock screen.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00294,"ranking_epss":0.52758,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/21","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40833","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.11965,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120"],"published_time":"2024-07-29T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40835","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the user.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.13838,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40836","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the user.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33936,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40805","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.01969,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40806","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12554,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40809","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, visionOS 1.3, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06358,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40812","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, visionOS 1.3, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05019,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40813","summary":"A lock screen issue was addressed with improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28793,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/21","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40815","summary":"A race condition was addressed with additional validation. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, watchOS 10.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.07151,"ranking_epss":0.91582,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40818","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34654,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/21","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40822","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. An attacker with physical access to a device may be able to access contacts from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.0013,"ranking_epss":0.32529,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40824","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01841,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40786","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Ventura 13.6.8. An attacker may be able to view sensitive user information.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00203,"ranking_epss":0.42483,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120912","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/19","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214120","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214120"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40787","summary":"This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.04986,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40788","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. A local attacker may be able to cause unexpected system shutdown.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08201,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40789","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00696,"ranking_epss":0.71965,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214121","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40793","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03135,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40794","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Private Browsing tabs may be accessed without authentication.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00515,"ranking_epss":0.66641,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214121"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40795","summary":"This issue was addressed with improved data protection. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06786,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40796","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Private browsing may leak some browsing history.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.0025,"ranking_epss":0.48341,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40798","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to read Safari's browsing history.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06786,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40799","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08835,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27884","summary":"This issue was addressed with a new entitlement. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05707,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40774","summary":"A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05455,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40776","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00348,"ranking_epss":0.57375,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40777","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0026,"ranking_epss":0.49447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40778","summary":"An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Photos in the Hidden Photos Album may be viewed without authentication.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06153,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40779","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.0774,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40780","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00088,"ranking_epss":0.25208,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40782","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00389,"ranking_epss":0.60064,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40784","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04423,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40785","summary":"This issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to a cross site scripting attack.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00637,"ranking_epss":0.70529,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27823","summary":"A race condition was addressed with improved locking. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.3, watchOS 10.5. An attacker in a privileged network position may be able to spoof network packets.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00185,"ranking_epss":0.40266,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120915","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214123","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214123"],"published_time":"2024-07-29T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27826","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.6, macOS Sonoma 14.5, macOS Ventura 13.6.8, tvOS 17.5, visionOS 1.3, watchOS 10.5. A local attacker may be able to cause unexpected system shutdown.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08018,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120915","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214123","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214123"],"published_time":"2024-07-29T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27863","summary":"An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A local attacker may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06358,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27871","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. An app may be able to access protected user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.10803,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119"],"published_time":"2024-07-29T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27873","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Processing a maliciously crafted video file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01595,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120"],"published_time":"2024-07-29T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40396","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00243,"ranking_epss":0.47674,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940"],"published_time":"2024-07-29T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40398","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.4, macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A sandboxed process may be able to circumvent sandbox restrictions.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00146,"ranking_epss":0.35037,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677"],"published_time":"2024-07-29T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42925","summary":"The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access Notes attachments.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.32181,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940"],"published_time":"2024-07-29T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42949","summary":"This issue was addressed with improved data protection. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to access edited photos saved to a temporary directory.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00142,"ranking_epss":0.34498,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940"],"published_time":"2024-07-29T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42957","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24877,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940"],"published_time":"2024-07-29T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27832","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.3385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27833","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01223,"ranking_epss":0.79132,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214103","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27836","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00123,"ranking_epss":0.31474,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27838","summary":"The issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. A maliciously crafted webpage may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0089,"ranking_epss":0.75567,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27840","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27845","summary":"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.5 and iPadOS 17.5. An app may be able to access Notes attachments.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.34379,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214101","https://support.apple.com/kb/HT214101"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27848","summary":"This issue was addressed with improved permissions checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. A malicious app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.1331,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214106"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27850","summary":"This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. A maliciously crafted webpage may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01058,"ranking_epss":0.77653,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214103","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27851","summary":"The issue was addressed with improved bounds checks. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00982,"ranking_epss":0.76828,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27855","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. A shortcut may be able to use sensitive data with certain actions without prompting the user.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00455,"ranking_epss":0.63882,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27857","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01086,"ranking_epss":0.7793,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27806","summary":"This issue was addressed with improved environment sanitization. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05222,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27807","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5. An app may be able to circumvent App Privacy Report logging.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00108,"ranking_epss":0.29025,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27808","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00822,"ranking_epss":0.74462,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27811","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00112,"ranking_epss":0.29618,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27815","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.24649,"ranking_epss":0.96146,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27817","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00152,"ranking_epss":0.35885,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27819","summary":"The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to access contacts from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00114,"ranking_epss":0.2992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214101","https://support.apple.com/kb/HT214101"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27820","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01283,"ranking_epss":0.79624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27828","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22633,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27830","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. A maliciously crafted webpage may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01337,"ranking_epss":0.80026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27831","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23251","summary":"An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. An attacker with physical access may be able to leak Mail account credentials.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19389,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23282","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. A maliciously crafted email may be able to initiate FaceTime calls without user authorization.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.0369,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27799","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07536,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27800","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a maliciously crafted message may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.25956,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27801","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22486,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27802","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.1871,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27805","summary":"An issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05222,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27847","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01059,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107"],"published_time":"2024-05-14T15:13:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27852","summary":"A privacy issue was addressed with improved client ID handling for alternative app marketplaces. This issue is fixed in iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00335,"ranking_epss":0.5641,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","https://support.apple.com/en-us/HT214101","https://support.apple.com/kb/HT214101"],"published_time":"2024-05-14T15:13:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27835","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00114,"ranking_epss":0.2992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","https://support.apple.com/en-us/HT214101","https://support.apple.com/kb/HT214101"],"published_time":"2024-05-14T15:13:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27839","summary":"A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00098,"ranking_epss":0.27027,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","https://support.apple.com/en-us/HT214101","https://support.apple.com/kb/HT214101"],"published_time":"2024-05-14T15:13:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27841","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33835,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214106"],"published_time":"2024-05-14T15:13:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27834","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":8e-05,"ranking_epss":0.00774,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","http://seclists.org/fulldisclosure/2024/May/16","http://seclists.org/fulldisclosure/2024/May/17","http://seclists.org/fulldisclosure/2024/May/9","http://www.openwall.com/lists/oss-security/2024/05/21/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106"],"published_time":"2024-05-14T15:13:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27818","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23801,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214106"],"published_time":"2024-05-14T15:13:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27821","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. A shortcut may output sensitive user data without consent.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.02355,"ranking_epss":0.84931,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","http://seclists.org/fulldisclosure/2024/May/16","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106"],"published_time":"2024-05-14T15:13:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27804","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.3, watchOS 10.5. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.04071,"ranking_epss":0.88554,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120915","http://seclists.org/fulldisclosure/2024/Jul/23","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","http://seclists.org/fulldisclosure/2024/May/16","http://seclists.org/fulldisclosure/2024/May/17","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214123"],"published_time":"2024-05-14T15:13:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27810","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21797,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","http://seclists.org/fulldisclosure/2024/May/16","http://seclists.org/fulldisclosure/2024/May/17","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107"],"published_time":"2024-05-14T15:13:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27816","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker may be able to access user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12118,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","http://seclists.org/fulldisclosure/2024/May/16","http://seclists.org/fulldisclosure/2024/May/17","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106"],"published_time":"2024-05-14T15:13:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27796","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An attacker may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09709,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107"],"published_time":"2024-05-14T15:13:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27803","summary":"A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.10024,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","https://support.apple.com/en-us/HT214101","https://support.apple.com/kb/HT214101"],"published_time":"2024-05-14T15:13:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27789","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Sonoma 14.4, macOS Ventura 13.6.7. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.25036,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120895","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","http://seclists.org/fulldisclosure/2024/May/11","http://seclists.org/fulldisclosure/2024/May/13","http://seclists.org/fulldisclosure/2024/May/14","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214107","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214107"],"published_time":"2024-05-14T15:13:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-4558","summary":"Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.0238,"ranking_epss":0.85013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html","https://issues.chromium.org/issues/337766133","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html","https://issues.chromium.org/issues/337766133","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214121"],"published_time":"2024-05-07T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3661","summary":"DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.","cvss":7.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.6,"cvss_v4":null,"epss":0.02912,"ranking_epss":0.86389,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/","https://bst.cisco.com/quickview/bug/CSCwk05814","https://datatracker.ietf.org/doc/html/rfc2131#section-7","https://datatracker.ietf.org/doc/html/rfc3442#section-7","https://fortiguard.fortinet.com/psirt/FG-IR-24-170","https://issuetracker.google.com/issues/263721377","https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/","https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic","https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision","https://my.f5.com/manage/s/article/K000139553","https://news.ycombinator.com/item?id=40279632","https://news.ycombinator.com/item?id=40284111","https://security.paloaltonetworks.com/CVE-2024-3661","https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661","https://tunnelvisionbug.com/","https://www.agwa.name/blog/post/hardening_openvpn_for_def_con","https://www.leviathansecurity.com/research/tunnelvision","https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/","https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009","https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability","https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/","https://bst.cisco.com/quickview/bug/CSCwk05814","https://datatracker.ietf.org/doc/html/rfc2131#section-7","https://datatracker.ietf.org/doc/html/rfc3442#section-7","https://fortiguard.fortinet.com/psirt/FG-IR-24-170","https://issuetracker.google.com/issues/263721377","https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/","https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic","https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision","https://my.f5.com/manage/s/article/K000139553","https://news.ycombinator.com/item?id=40279632","https://news.ycombinator.com/item?id=40284111","https://security.paloaltonetworks.com/CVE-2024-3661","https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661","https://tunnelvisionbug.com/","https://www.agwa.name/blog/post/hardening_openvpn_for_def_con","https://www.leviathansecurity.com/research/tunnelvision","https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/","https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009","https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"],"published_time":"2024-05-06T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23228","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.3 and iPadOS 17.3. Locked Notes content may have been unexpectedly unlocked.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00152,"ranking_epss":0.35915,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/HT214059","https://support.apple.com/kb/HT214059"],"published_time":"2024-04-24T17:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23271","summary":"A logic issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00084,"ranking_epss":0.24554,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120339","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214056","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214056","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214060","https://support.apple.com/kb/HT214061"],"published_time":"2024-04-24T17:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27791","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3. An app may be able to corrupt coprocessor memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06287,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120305","https://support.apple.com/en-us/120307","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214057","https://support.apple.com/en-us/HT214058","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063"],"published_time":"2024-04-24T17:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-31392","summary":"If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00475,"ranking_epss":0.64839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1875925","https://www.mozilla.org/security/advisories/mfsa2024-17/","https://bugzilla.mozilla.org/show_bug.cgi?id=1875925","https://www.mozilla.org/security/advisories/mfsa2024-17/"],"published_time":"2024-04-03T16:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-31393","summary":"Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS < 124.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00136,"ranking_epss":0.33337,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1879739","https://www.mozilla.org/security/advisories/mfsa2024-17/","https://bugzilla.mozilla.org/show_bug.cgi?id=1879739","https://www.mozilla.org/security/advisories/mfsa2024-17/"],"published_time":"2024-04-03T16:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42936","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041"],"published_time":"2024-03-28T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42947","summary":"A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16673,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041"],"published_time":"2024-03-28T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42950","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00645,"ranking_epss":0.70722,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214039","http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://security.netapp.com/advisory/ntap-20241018-0009/","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214039"],"published_time":"2024-03-28T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42956","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00302,"ranking_epss":0.53562,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/kb/HT214039","http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/kb/HT214039"],"published_time":"2024-03-28T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42962","summary":"This issue was addressed with improved checks This issue is fixed in iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. A remote attacker may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01145,"ranking_epss":0.7848,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/kb/HT214035"],"published_time":"2024-03-28T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42974","summary":"A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21689,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214038"],"published_time":"2024-03-28T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42893","summary":"A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03323,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214106","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214106"],"published_time":"2024-03-28T16:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42896","summary":"An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08319,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214038"],"published_time":"2024-03-28T16:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23287","summary":"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00188,"ranking_epss":0.40696,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23288","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12548,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23289","summary":"A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.14155,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23290","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15642,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23291","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00271,"ranking_epss":0.50644,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23292","summary":"This issue was addressed with improved data protection. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to access information about a user's contacts.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.14145,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23293","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00181,"ranking_epss":0.39751,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23297","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4. A malicious application may be able to access private information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20195,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23264","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1. An application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00083,"ranking_epss":0.24318,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214087"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23265","summary":"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to cause unexpected system termination or write kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00147,"ranking_epss":0.35099,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23270","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.10006,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214086","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214086"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23273","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00224,"ranking_epss":0.45133,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120894","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/20","http://seclists.org/fulldisclosure/2024/Mar/21","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214089","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214089"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23277","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00271,"ranking_epss":0.50575,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23278","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, watchOS 10.4. An app may be able to break out of its sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22667,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23280","summary":"An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00515,"ranking_epss":0.66649,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120894","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/20","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/en-us/HT214089","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214089"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23283","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06209,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23284","summary":"A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00884,"ranking_epss":0.75463,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120894","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/20","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/en-us/HT214089","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214089"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23286","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing an image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01015,"ranking_epss":0.77201,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23239","summary":"A race condition was addressed with improved state handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to leak sensitive user information.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18079,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23240","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27049,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120893","https://support.apple.com/en-us/HT214081","https://support.apple.com/kb/HT214081"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23241","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4. An app may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26393,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23242","summary":"A privacy issue was addressed by not logging contents of text fields. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to view Mail data.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08654,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23246","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to break out of its sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20619,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23250","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to access Bluetooth-connected microphones without user permission.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02945,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23254","summary":"The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00468,"ranking_epss":0.64506,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120894","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/20","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/en-us/HT214089","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214089"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23255","summary":"An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authentication.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35671,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23257","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, visionOS 1.1. Processing an image may result in disclosure of process memory.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.0804,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214087","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214087"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23259","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00188,"ranking_epss":0.40692,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23262","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, visionOS 1.1. An app may be able to spoof system notifications and UI.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20417,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214087","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214087"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23263","summary":"A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0062,"ranking_epss":0.70083,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120894","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/20","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/en-us/HT214089","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214089"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28826","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08616,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214085","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214085","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214085"],"published_time":"2024-03-08T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0258","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05597,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23201","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3, watchOS 10.3. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04348,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214085","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214060","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214085"],"published_time":"2024-03-08T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23205","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06179,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084"],"published_time":"2024-03-08T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23220","summary":"The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.4 and iPadOS 17.4, visionOS 1.1. An app may be able to fingerprint the user.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10551,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214087","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214087"],"published_time":"2024-03-08T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23226","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00898,"ranking_epss":0.75684,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23231","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, watchOS 10.4. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.1364,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/24","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23235","summary":"A race condition was addressed with additional validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to access user-sensitive data.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23225","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00186,"ranking_epss":0.40439,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/18","http://seclists.org/fulldisclosure/2024/Mar/19","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23225"],"published_time":"2024-03-05T20:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23243","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00723,"ranking_epss":0.72578,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120893","http://seclists.org/fulldisclosure/2024/Mar/18","https://support.apple.com/en-us/HT214081","https://support.apple.com/kb/HT214081"],"published_time":"2024-03-05T20:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23256","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4. A user's locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29425,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120893","http://seclists.org/fulldisclosure/2024/Mar/18","https://support.apple.com/en-us/HT214081","https://support.apple.com/kb/HT214081"],"published_time":"2024-03-05T20:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23296","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00196,"ranking_epss":0.41556,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120910","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Mar/18","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","http://seclists.org/fulldisclosure/2024/May/11","http://seclists.org/fulldisclosure/2024/May/13","https://support.apple.com/en-us/HT214081","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214118","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23296"],"published_time":"2024-03-05T20:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42946","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00107,"ranking_epss":0.28936,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2024-02-21T07:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42951","summary":"The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user may be unable to delete browsing history items.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.3163,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213982","https://support.apple.com/kb/HT213982"],"published_time":"2024-02-21T07:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42952","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. An app with root privileges may be able to access private information.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02667,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT214038","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT214038"],"published_time":"2024-02-21T07:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42953","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06354,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2024-02-21T07:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42878","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06179,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2024-02-21T07:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42928","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. An app may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15683,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213982","https://support.apple.com/kb/HT213982"],"published_time":"2024-02-21T07:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42939","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user's private browsing activity may be unexpectedly saved in the App Privacy Report.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04625,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213982","https://support.apple.com/kb/HT213982"],"published_time":"2024-02-21T07:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42942","summary":"This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00126,"ranking_epss":0.31823,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2024-02-21T07:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42848","summary":"The issue was addressed with improved bounds checks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. Processing a maliciously crafted image may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.0846,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2024-02-21T07:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42855","summary":"This issue was addressed with improved state management. This issue is fixed in iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to silently persist an Apple ID on an erased device.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12134,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213982","https://support.apple.com/kb/HT213982"],"published_time":"2024-02-21T07:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42873","summary":"The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213987"],"published_time":"2024-02-21T07:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42836","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An attacker may be able to access connected network volumes mounted in the home directory.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42387,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214038"],"published_time":"2024-02-21T07:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42839","summary":"This issue was addressed with improved state management. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05962,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2024-02-21T07:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42843","summary":"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27688,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986"],"published_time":"2024-02-21T07:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42823","summary":"The issue was resolved by sanitizing logging This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13835,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213987","https://support.apple.com/kb/HT213988"],"published_time":"2024-02-21T07:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42834","summary":"A privacy issue was addressed with improved handling of files. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214038"],"published_time":"2024-02-21T07:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1580","summary":"An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00584,"ranking_epss":0.69079,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2024/Mar/36","http://seclists.org/fulldisclosure/2024/Mar/37","http://seclists.org/fulldisclosure/2024/Mar/38","http://seclists.org/fulldisclosure/2024/Mar/39","http://seclists.org/fulldisclosure/2024/Mar/40","http://seclists.org/fulldisclosure/2024/Mar/41","https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS","https://code.videolan.org/videolan/dav1d/-/releases/1.4.0","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/","https://support.apple.com/kb/HT214093","https://support.apple.com/kb/HT214094","https://support.apple.com/kb/HT214095","https://support.apple.com/kb/HT214096","https://support.apple.com/kb/HT214097","https://support.apple.com/kb/HT214098","http://seclists.org/fulldisclosure/2024/Mar/36","http://seclists.org/fulldisclosure/2024/Mar/37","http://seclists.org/fulldisclosure/2024/Mar/38","http://seclists.org/fulldisclosure/2024/Mar/39","http://seclists.org/fulldisclosure/2024/Mar/40","http://seclists.org/fulldisclosure/2024/Mar/41","https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS","https://code.videolan.org/videolan/dav1d/-/releases/1.4.0","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/","https://support.apple.com/kb/HT214093","https://support.apple.com/kb/HT214094","https://support.apple.com/kb/HT214095","https://support.apple.com/kb/HT214096","https://support.apple.com/kb/HT214097","https://support.apple.com/kb/HT214098"],"published_time":"2024-02-19T11:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23210","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to view a user's phone number in system logs.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06418,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214061"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23211","summary":"A privacy issue was addressed with improved handling of user preferences. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A user's private browsing activity may be visible in Settings.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06418,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","https://support.apple.com/en-us/120339","http://seclists.org/fulldisclosure/2024/Jan/27","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","https://support.apple.com/en-us/HT214056","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214056","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23212","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, watchOS 10.3. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.1076,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120305","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120307","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","https://support.apple.com/en-us/120311","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/37","http://seclists.org/fulldisclosure/2024/Jan/38","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214057","https://support.apple.com/en-us/HT214058","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214058","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23213","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00395,"ranking_epss":0.60408,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120339","http://seclists.org/fulldisclosure/2024/Jan/27","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","http://www.openwall.com/lists/oss-security/2024/02/05/8","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214056","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214056","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214060","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23214","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00251,"ranking_epss":0.48466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/36","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23215","summary":"An issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05581,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23217","summary":"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.5, watchOS 10.3. An app may be able to bypass certain Privacy preferences.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":9e-05,"ranking_epss":0.00825,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120886","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Mar/22","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214085"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23218","summary":"A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3, watchOS 10.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00193,"ranking_epss":0.41262,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214085"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23219","summary":"The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexpectedly disabled.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24766,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","http://seclists.org/fulldisclosure/2024/Jan/33","https://support.apple.com/en-us/HT214059","https://support.apple.com/kb/HT214059"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23222","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00608,"ranking_epss":0.69742,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/118479","https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120305","https://support.apple.com/en-us/120307","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120339","https://support.apple.com/en-us/126632","http://seclists.org/fulldisclosure/2024/Feb/6","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/40","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214056","https://support.apple.com/kb/HT214057","https://support.apple.com/kb/HT214058","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063","https://support.apple.com/kb/HT214070","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23222"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23223","summary":"A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to access sensitive user data.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05246,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42937","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/37","http://seclists.org/fulldisclosure/2024/Jan/38","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214041","https://support.apple.com/en-us/HT214057","https://support.apple.com/en-us/HT214058","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214041","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/37","http://seclists.org/fulldisclosure/2024/Jan/38","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214041","https://support.apple.com/en-us/HT214057","https://support.apple.com/en-us/HT214058","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214041","https://support.apple.com/kb/HT214058","https://support.apple.com/kb/HT214063"],"published_time":"2024-01-23T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23203","summary":"The issue was addressed with additional permissions checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.5. A shortcut may be able to use sensitive data with certain actions without prompting the user.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00181,"ranking_epss":0.39841,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120886","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Mar/22","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214085"],"published_time":"2024-01-23T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23204","summary":"The issue was addressed with additional permissions checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, watchOS 10.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0015,"ranking_epss":0.35611,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214085"],"published_time":"2024-01-23T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23206","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A maliciously crafted webpage may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00518,"ranking_epss":0.66789,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120339","http://seclists.org/fulldisclosure/2024/Jan/27","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","http://www.openwall.com/lists/oss-security/2024/02/05/8","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214056","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214056","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214060","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063"],"published_time":"2024-01-23T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23207","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, watchOS 10.3. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07553,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120305","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120307","https://support.apple.com/en-us/120309","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/37","http://seclists.org/fulldisclosure/2024/Jan/38","http://seclists.org/fulldisclosure/2024/Jan/39","https://support.apple.com/en-us/HT214057","https://support.apple.com/en-us/HT214058","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214058","https://support.apple.com/kb/HT214061"],"published_time":"2024-01-23T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23208","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.03202,"ranking_epss":0.87021,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214061"],"published_time":"2024-01-23T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40528","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":7e-05,"ranking_epss":0.00557,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2024/Jan/37","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT214058","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940","http://seclists.org/fulldisclosure/2024/Jan/37","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT214058","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940","https://support.apple.com/kb/HT214058"],"published_time":"2024-01-23T01:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42888","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/37","http://seclists.org/fulldisclosure/2024/Jan/38","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214041","https://support.apple.com/en-us/HT214057","https://support.apple.com/en-us/HT214058","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214041","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/37","http://seclists.org/fulldisclosure/2024/Jan/38","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214041","https://support.apple.com/en-us/HT214057","https://support.apple.com/en-us/HT214058","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214041","https://support.apple.com/kb/HT214058","https://support.apple.com/kb/HT214063"],"published_time":"2024-01-23T01:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42833","summary":"A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00606,"ranking_epss":0.69697,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2024/02/05/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","http://www.openwall.com/lists/oss-security/2024/02/05/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42862","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00193,"ranking_epss":0.41222,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42865","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00193,"ranking_epss":0.41222,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42866","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00477,"ranking_epss":0.64943,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42869","summary":"Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5. Multiple issues in libxml2.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00136,"ranking_epss":0.33416,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42870","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33794,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42871","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.30649,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42872","summary":"The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20369,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42934","summary":"An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information.","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21288,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42941","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets.","cvss":4.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.8,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27661,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT214035","https://support.apple.com/kb/HT214035","https://support.apple.com/en-us/HT214035","https://support.apple.com/kb/HT214035"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41060","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. A remote user may be able to cause kernel code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01949,"ranking_epss":0.83493,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2024-01-10T22:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41069","summary":"This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.23513,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213938"],"published_time":"2024-01-10T22:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41075","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00139,"ranking_epss":0.3405,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677"],"published_time":"2024-01-10T22:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41974","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00182,"ranking_epss":0.39941,"kev":true,"propose_action":"Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/120949","https://support.apple.com/en-us/126632","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213938","https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41974"],"published_time":"2024-01-10T22:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42830","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20617,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676"],"published_time":"2024-01-10T22:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42831","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00083,"ranking_epss":0.24255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845"],"published_time":"2024-01-10T22:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32424","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":7e-05,"ranking_epss":0.00522,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38610","summary":"A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.23475,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38612","summary":"The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to access protected user data.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40385","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00208,"ranking_epss":0.43203,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40394","summary":"The issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to access sensitive user data.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00117,"ranking_epss":0.30364,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213841"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40414","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00155,"ranking_epss":0.36241,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2024/02/05/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","http://www.openwall.com/lists/oss-security/2024/02/05/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40437","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26321,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40438","summary":"An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18999,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213940"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40439","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.11972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40529","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00125,"ranking_epss":0.31732,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213938"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32919","summary":"The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21639,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532"],"published_time":"2024-01-10T22:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42839","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00091,"ranking_epss":0.25591,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532"],"published_time":"2024-01-10T22:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46710","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23267,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532"],"published_time":"2024-01-10T22:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28185","summary":"An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10425,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678"],"published_time":"2024-01-10T22:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32366","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. Processing a font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23292,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677"],"published_time":"2024-01-10T22:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-48618","summary":"The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00172,"ranking_epss":0.38631,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-48618"],"published_time":"2024-01-09T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6593","summary":"\n\nClient side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.\n\n\n","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0014,"ranking_epss":0.34147,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://devolutions.net/security/advisories/DEVO-2023-0023/","https://devolutions.net/security/advisories/DEVO-2023-0023/"],"published_time":"2023-12-12T15:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42914","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to break out of its sandbox.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07994,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041"],"published_time":"2023-12-12T01:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42919","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07553,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214041","http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214038","https://support.apple.com/kb/HT214041"],"published_time":"2023-12-12T01:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42922","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214038"],"published_time":"2023-12-12T01:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42923","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.2 and iPadOS 17.2. Private Browsing tabs may be accessed without authentication.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00231,"ranking_epss":0.45954,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/7","https://support.apple.com/en-us/HT214035","http://seclists.org/fulldisclosure/2023/Dec/7","https://support.apple.com/en-us/HT214035","https://support.apple.com/kb/HT214035"],"published_time":"2023-12-12T01:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42883","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05979,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/6","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","http://www.openwall.com/lists/oss-security/2023/12/18/1","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214034","https://support.apple.com/kb/HT214039","https://www.debian.org/security/2023/dsa-5580","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/6","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","http://www.openwall.com/lists/oss-security/2023/12/18/1","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214034","https://support.apple.com/kb/HT214039","https://www.debian.org/security/2023/dsa-5580"],"published_time":"2023-12-12T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42884","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05402,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214038","https://support.apple.com/kb/HT214040"],"published_time":"2023-12-12T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42890","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00402,"ranking_epss":0.60834,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/6","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","http://www.openwall.com/lists/oss-security/2023/12/18/1","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214039","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/6","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","http://www.openwall.com/lists/oss-security/2023/12/18/1","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214039"],"published_time":"2023-12-12T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42897","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/7","https://support.apple.com/en-us/HT214035","http://seclists.org/fulldisclosure/2023/Dec/7","https://support.apple.com/en-us/HT214035","https://support.apple.com/kb/HT214035"],"published_time":"2023-12-12T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42898","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead to arbitrary code execution.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07156,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041"],"published_time":"2023-12-12T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42899","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. Processing an image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07505,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041"],"published_time":"2023-12-12T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40446","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing maliciously crafted input may lead to arbitrary code execution in user-installed apps.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985"],"published_time":"2023-12-12T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-45866","summary":"Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.34352,"ranking_epss":0.96998,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","https://bluetooth.com","https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675","https://github.com/skysafe/reblog/tree/main/cve-2023-45866","https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/","https://security.gentoo.org/glsa/202401-03","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://www.debian.org/security/2023/dsa-5584","http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","https://bluetooth.com","https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675","https://github.com/skysafe/reblog/tree/main/cve-2023-45866","https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/","https://security.gentoo.org/glsa/202401-03","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://www.debian.org/security/2023/dsa-5584"],"published_time":"2023-12-08T06:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42916","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14542,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/3","http://seclists.org/fulldisclosure/2023/Dec/4","http://seclists.org/fulldisclosure/2023/Dec/5","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2024/Jan/35","http://www.openwall.com/lists/oss-security/2023/12/05/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT214031","https://support.apple.com/en-us/HT214032","https://support.apple.com/en-us/HT214033","https://support.apple.com/kb/HT214033","https://support.apple.com/kb/HT214034","https://support.apple.com/kb/HT214062","https://www.debian.org/security/2023/dsa-5575","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/3","http://seclists.org/fulldisclosure/2023/Dec/4","http://seclists.org/fulldisclosure/2023/Dec/5","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2024/Jan/35","http://www.openwall.com/lists/oss-security/2023/12/05/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT214031","https://support.apple.com/en-us/HT214032","https://support.apple.com/en-us/HT214033","https://support.apple.com/kb/HT214033","https://support.apple.com/kb/HT214034","https://support.apple.com/kb/HT214062","https://www.debian.org/security/2023/dsa-5575","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42916"],"published_time":"2023-11-30T23:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42917","summary":"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20846,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/3","http://seclists.org/fulldisclosure/2023/Dec/4","http://seclists.org/fulldisclosure/2023/Dec/5","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2024/Jan/35","http://www.openwall.com/lists/oss-security/2023/12/05/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT214031","https://support.apple.com/en-us/HT214032","https://support.apple.com/en-us/HT214033","https://support.apple.com/kb/HT214033","https://support.apple.com/kb/HT214034","https://support.apple.com/kb/HT214062","https://www.debian.org/security/2023/dsa-5575","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/3","http://seclists.org/fulldisclosure/2023/Dec/4","http://seclists.org/fulldisclosure/2023/Dec/5","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2024/Jan/35","http://www.openwall.com/lists/oss-security/2023/12/05/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT214031","https://support.apple.com/en-us/HT214032","https://support.apple.com/en-us/HT214033","https://support.apple.com/kb/HT214033","https://support.apple.com/kb/HT214034","https://support.apple.com/kb/HT214062","https://www.debian.org/security/2023/dsa-5575","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917"],"published_time":"2023-11-30T23:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-39411","summary":"Improper input validationation for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.","cvss":5.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.0,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14951,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-39412","summary":"Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00158,"ranking_epss":0.36656,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38570","summary":"Access of memory location after end of buffer for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21219,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-39221","summary":"Improper access control for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00157,"ranking_epss":0.36556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-39228","summary":"Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00108,"ranking_epss":0.29064,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-36860","summary":"Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00221,"ranking_epss":0.44752,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38131","summary":"Improper input validationation for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00146,"ranking_epss":0.35046,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-22337","summary":"Improper input validation for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00136,"ranking_epss":0.33394,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-22448","summary":"Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.0012,"ranking_epss":0.3096,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-22663","summary":"Improper authentication for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00235,"ranking_epss":0.46429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-22285","summary":"Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00207,"ranking_epss":0.43186,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-22290","summary":"Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00171,"ranking_epss":0.38303,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-22292","summary":"Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00072,"ranking_epss":0.22037,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46646","summary":"Exposure of sensitive information to an unauthorized actor for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.","cvss":2.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.2,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27727,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46647","summary":"Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.","cvss":2.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.2,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27727,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-43666","summary":"Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-45109","summary":"Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-45469","summary":"Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.","cvss":2.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.2,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17449,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46298","summary":"Incomplete cleanup for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.","cvss":1.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":1.9,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13273,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46299","summary":"Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46301","summary":"Improper Initialization for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.","cvss":1.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":1.9,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.13972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-43477","summary":"Incomplete cleanup for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"],"published_time":"2023-11-14T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41977","summary":"The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing history.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00169,"ranking_epss":0.38096,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213984"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41982","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20587,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41983","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01108,"ranking_epss":0.78146,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/27","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/kb/HT213984","https://www.debian.org/security/2023/dsa-5557","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/27","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/kb/HT213984","https://www.debian.org/security/2023/dsa-5557"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41988","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00088,"ranking_epss":0.2506,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41997","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20587,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42841","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.14153,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42845","summary":"An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. Photos in the Hidden Photos Album may be viewed without authentication.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00146,"ranking_epss":0.35028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42846","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00216,"ranking_epss":0.44234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213987","https://support.apple.com/kb/HT213988","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213987","https://support.apple.com/kb/HT213988"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42847","summary":"A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An attacker may be able to access passkeys without authentication.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00154,"ranking_epss":0.36195,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42849","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00184,"ranking_epss":0.40207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","https://support.apple.com/kb/HT213988","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","https://support.apple.com/kb/HT213988"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42852","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02171,"ranking_epss":0.84343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984","https://www.debian.org/security/2023/dsa-5557","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984","https://www.debian.org/security/2023/dsa-5557"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42857","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32359","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27527,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/23","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213981","http://seclists.org/fulldisclosure/2023/Oct/23","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213981"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40408","summary":"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00194,"ranking_epss":0.41362,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40413","summary":"The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","https://support.apple.com/kb/HT213988","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","https://support.apple.com/kb/HT213988"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40416","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00285,"ranking_epss":0.52069,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40423","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.13859,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40445","summary":"The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0016,"ranking_epss":0.36884,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","https://support.apple.com/en-us/HT213982","https://support.apple.com/kb/HT213982","http://seclists.org/fulldisclosure/2023/Oct/19","https://support.apple.com/en-us/HT213982","https://support.apple.com/kb/HT213982"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40447","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00166,"ranking_epss":0.37721,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40449","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/21","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41072","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06256,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/24","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41254","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05581,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","https://support.apple.com/kb/HT213988","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/26","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213985","https://support.apple.com/kb/HT213988"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41976","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00264,"ranking_epss":0.49949,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42824","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00965,"ranking_epss":0.76605,"kev":true,"propose_action":"Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213972","https://support.apple.com/en-us/HT213972","https://support.apple.com/kb/HT213961","https://support.apple.com/kb/HT213972","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42824"],"published_time":"2023-10-04T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5217","summary":"Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03573,"ranking_epss":0.87744,"kev":true,"propose_action":"Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.","ransomware_campaign":"Unknown","references":["http://seclists.org/fulldisclosure/2023/Oct/12","http://seclists.org/fulldisclosure/2023/Oct/16","http://www.openwall.com/lists/oss-security/2023/09/28/5","http://www.openwall.com/lists/oss-security/2023/09/28/6","http://www.openwall.com/lists/oss-security/2023/09/29/1","http://www.openwall.com/lists/oss-security/2023/09/29/11","http://www.openwall.com/lists/oss-security/2023/09/29/12","http://www.openwall.com/lists/oss-security/2023/09/29/14","http://www.openwall.com/lists/oss-security/2023/09/29/2","http://www.openwall.com/lists/oss-security/2023/09/29/7","http://www.openwall.com/lists/oss-security/2023/09/29/9","http://www.openwall.com/lists/oss-security/2023/09/30/1","http://www.openwall.com/lists/oss-security/2023/09/30/2","http://www.openwall.com/lists/oss-security/2023/09/30/3","http://www.openwall.com/lists/oss-security/2023/09/30/4","http://www.openwall.com/lists/oss-security/2023/09/30/5","http://www.openwall.com/lists/oss-security/2023/10/01/1","http://www.openwall.com/lists/oss-security/2023/10/01/2","http://www.openwall.com/lists/oss-security/2023/10/01/5","http://www.openwall.com/lists/oss-security/2023/10/02/6","http://www.openwall.com/lists/oss-security/2023/10/03/11","https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/","https://bugzilla.redhat.com/show_bug.cgi?id=2241191","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html","https://crbug.com/1486441","https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590","https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282","https://github.com/webmproject/libvpx/releases/tag/v1.13.1","https://github.com/webmproject/libvpx/tags","https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://pastebin.com/TdkC4pDv","https://security-tracker.debian.org/tracker/CVE-2023-5217","https://security.gentoo.org/glsa/202310-04","https://security.gentoo.org/glsa/202401-34","https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/","https://support.apple.com/kb/HT213961","https://support.apple.com/kb/HT213972","https://twitter.com/maddiestone/status/1707163313711497266","https://www.debian.org/security/2023/dsa-5508","https://www.debian.org/security/2023/dsa-5509","https://www.debian.org/security/2023/dsa-5510","https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/","https://www.openwall.com/lists/oss-security/2023/09/28/5","http://seclists.org/fulldisclosure/2023/Oct/12","http://seclists.org/fulldisclosure/2023/Oct/16","http://www.openwall.com/lists/oss-security/2023/09/28/5","http://www.openwall.com/lists/oss-security/2023/09/28/6","http://www.openwall.com/lists/oss-security/2023/09/29/1","http://www.openwall.com/lists/oss-security/2023/09/29/11","http://www.openwall.com/lists/oss-security/2023/09/29/12","http://www.openwall.com/lists/oss-security/2023/09/29/14","http://www.openwall.com/lists/oss-security/2023/09/29/2","http://www.openwall.com/lists/oss-security/2023/09/29/7","http://www.openwall.com/lists/oss-security/2023/09/29/9","http://www.openwall.com/lists/oss-security/2023/09/30/1","http://www.openwall.com/lists/oss-security/2023/09/30/2","http://www.openwall.com/lists/oss-security/2023/09/30/3","http://www.openwall.com/lists/oss-security/2023/09/30/4","http://www.openwall.com/lists/oss-security/2023/09/30/5","http://www.openwall.com/lists/oss-security/2023/10/01/1","http://www.openwall.com/lists/oss-security/2023/10/01/2","http://www.openwall.com/lists/oss-security/2023/10/01/5","http://www.openwall.com/lists/oss-security/2023/10/02/6","http://www.openwall.com/lists/oss-security/2023/10/03/11","https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/","https://bugzilla.redhat.com/show_bug.cgi?id=2241191","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html","https://crbug.com/1486441","https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590","https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282","https://github.com/webmproject/libvpx/releases/tag/v1.13.1","https://github.com/webmproject/libvpx/tags","https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://pastebin.com/TdkC4pDv","https://security-tracker.debian.org/tracker/CVE-2023-5217","https://security.gentoo.org/glsa/202310-04","https://security.gentoo.org/glsa/202401-34","https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/","https://support.apple.com/kb/HT213961","https://support.apple.com/kb/HT213972","https://twitter.com/maddiestone/status/1707163313711497266","https://www.debian.org/security/2023/dsa-5508","https://www.debian.org/security/2023/dsa-5509","https://www.debian.org/security/2023/dsa-5510","https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/","https://www.openwall.com/lists/oss-security/2023/09/28/5","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-5217"],"published_time":"2023-09-28T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41986","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10503,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41995","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00144,"ranking_epss":0.34666,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213841","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41968","summary":"This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06534,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41980","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02778,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41981","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":null,"epss":7e-05,"ranking_epss":0.00574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41984","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10315,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41068","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7. A user may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07506,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41070","summary":"A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive data logged when a user shares a link.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12249,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41071","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.13962,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41073","summary":"An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access protected user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.08994,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41074","summary":"The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01121,"ranking_epss":0.78275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/2","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","http://www.openwall.com/lists/oss-security/2023/09/28/3","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","https://www.debian.org/security/2023/dsa-5527","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/2","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","http://www.openwall.com/lists/oss-security/2023/09/28/3","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","https://webkitgtk.org/security/WSA-2023-0009.html","https://www.debian.org/security/2023/dsa-5527"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41174","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10746,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41232","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.7, iOS 17 and iPadOS 17, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41065","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06611,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41063","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10061,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40520","summary":"The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40454","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to delete files for which it does not have permission.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07027,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40456","summary":"The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40452","summary":"The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to overwrite arbitrary files.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05608,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40441","summary":"A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00246,"ranking_epss":0.47913,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40443","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00112,"ranking_epss":0.29683,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213940","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40448","summary":"The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. A remote attacker may be able to break out of Web Content sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00928,"ranking_epss":0.76116,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40434","summary":"A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's Photos Library.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15842,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40432","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10313,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40429","summary":"A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13246,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40431","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.25926,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40427","summary":"The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07131,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40428","summary":"The issue was addressed with improved handling of caches. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00123,"ranking_epss":0.31531,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40424","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14821,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40412","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05198,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40417","summary":"A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00423,"ranking_epss":0.62201,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/2","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","http://seclists.org/fulldisclosure/2023/Oct/2","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213941"],"published_time":"2023-09-27T15:19:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40419","summary":"The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.0781,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40420","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00199,"ranking_epss":0.41992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40403","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00137,"ranking_epss":0.33484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://lists.debian.org/debian-lts-announce/2025/09/msg00024.html","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40409","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07359,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40410","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05473,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40400","summary":"This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01587,"ranking_epss":0.81655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213841","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40395","summary":"The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access contacts.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40399","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05582,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40391","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/7","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213939","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/7","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213939","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213939","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40384","summary":"A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06486,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-39434","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00651,"ranking_epss":0.70888,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","http://www.openwall.com/lists/oss-security/2023/09/28/3","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","http://www.openwall.com/lists/oss-security/2023/09/28/3","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://webkitgtk.org/security/WSA-2023-0009.html"],"published_time":"2023-09-27T15:18:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38596","summary":"The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may fail to enforce App Transport Security.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05835,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:18:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32361","summary":"The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:18:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32396","summary":"This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05507,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/7","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213939","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/7","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213939","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213939","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:18:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-35074","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00598,"ranking_epss":0.69443,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/2","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","http://www.openwall.com/lists/oss-security/2023/09/28/3","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/2","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","http://www.openwall.com/lists/oss-security/2023/09/28/3","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","https://webkitgtk.org/security/WSA-2023-0009.html"],"published_time":"2023-09-27T15:18:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-35984","summary":"The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00091,"ranking_epss":0.25687,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:18:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-35990","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09319,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:18:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41991","summary":"A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.03217,"ranking_epss":0.8706,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213931","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41991"],"published_time":"2023-09-21T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41992","summary":"The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01172,"ranking_epss":0.78706,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213932","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41992"],"published_time":"2023-09-21T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41993","summary":"The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.24414,"ranking_epss":0.9612,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://security.gentoo.org/glsa/202401-33","https://security.netapp.com/advisory/ntap-20240426-0004/","https://support.apple.com/en-us/HT213940","https://security.gentoo.org/glsa/202401-33","https://security.netapp.com/advisory/ntap-20240426-0004/","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213926","https://support.apple.com/kb/HT213930","https://webkitgtk.org/security/WSA-2023-0009.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41993"],"published_time":"2023-09-21T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41387","summary":"A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace properties. As a result, local users can obtain the same attack primitives as remote attackers by tampering with the internal database of the framework on the device.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00542,"ranking_epss":0.67719,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://pub.dev/packages/flutter_downloader/changelog","https://seredynski.com/articles/exploiting-ios-apps-to-extract-session-tokens-and-overwrite-user-data","https://pub.dev/packages/flutter_downloader/changelog","https://seredynski.com/articles/exploiting-ios-apps-to-extract-session-tokens-and-overwrite-user-data"],"published_time":"2023-09-19T09:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40442","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18998,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/kb/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/kb/HT213841"],"published_time":"2023-09-12T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41990","summary":"The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.02687,"ranking_epss":0.8588,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41990"],"published_time":"2023-09-12T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41061","summary":"A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00985,"ranking_epss":0.76863,"kev":true,"propose_action":"Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064.","ransomware_campaign":"Unknown","references":["http://seclists.org/fulldisclosure/2023/Sep/4","http://seclists.org/fulldisclosure/2023/Sep/5","https://support.apple.com/en-us/HT213905","https://support.apple.com/en-us/HT213907","https://support.apple.com/kb/HT213905","https://support.apple.com/kb/HT213907","http://seclists.org/fulldisclosure/2023/Sep/4","http://seclists.org/fulldisclosure/2023/Sep/5","https://support.apple.com/en-us/HT213905","https://support.apple.com/en-us/HT213907","https://support.apple.com/kb/HT213905","https://support.apple.com/kb/HT213907","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41061"],"published_time":"2023-09-07T18:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41064","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.85353,"ranking_epss":0.99367,"kev":true,"propose_action":"Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061.","ransomware_campaign":"Unknown","references":["http://www.openwall.com/lists/oss-security/2023/09/21/4","https://support.apple.com/en-us/HT213905","https://support.apple.com/en-us/HT213906","https://support.apple.com/en-us/HT213913","https://support.apple.com/en-us/HT213914","https://support.apple.com/en-us/HT213915","http://www.openwall.com/lists/oss-security/2023/09/21/4","https://support.apple.com/en-us/HT213905","https://support.apple.com/en-us/HT213906","https://support.apple.com/en-us/HT213913","https://support.apple.com/en-us/HT213914","https://support.apple.com/en-us/HT213915","https://support.apple.com/kb/HT213913","https://support.apple.com/kb/HT213915","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41064"],"published_time":"2023-09-07T18:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40392","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.2706,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213843","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/en-us/HT213843","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845"],"published_time":"2023-09-06T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38605","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28457,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213843","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213844","https://support.apple.com/en-us/HT213843","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213844"],"published_time":"2023-09-06T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32425","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24748,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213764"],"published_time":"2023-09-06T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32428","summary":"This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0103,"ranking_epss":0.77364,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764"],"published_time":"2023-09-06T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32432","summary":"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12449,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764"],"published_time":"2023-09-06T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32438","summary":"This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14893,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-09-06T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-34352","summary":"A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00208,"ranking_epss":0.43268,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764"],"published_time":"2023-09-06T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28208","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00175,"ranking_epss":0.38963,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-09-06T02:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4359","summary":"Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00237,"ranking_epss":0.46828,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1443722","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1443722","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46724","summary":"This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21284,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213676"],"published_time":"2023-08-14T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46725","summary":"A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00092,"ranking_epss":0.2581,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/11/15/1","https://support.apple.com/en-us/HT213676","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://support.apple.com/en-us/HT213676"],"published_time":"2023-08-14T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-48503","summary":"The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0018,"ranking_epss":0.39656,"kev":true,"propose_action":"Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213341","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213341","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-48503"],"published_time":"2023-08-14T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28198","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17231,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/09/11/1","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676","http://www.openwall.com/lists/oss-security/2023/09/11/1","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676"],"published_time":"2023-08-14T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32358","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00117,"ranking_epss":0.30552,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213676"],"published_time":"2023-08-14T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22655","summary":"An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. An app may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00072,"ranking_epss":0.21993,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183"],"published_time":"2023-08-14T23:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38604","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.57132,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848"],"published_time":"2023-07-28T05:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32445","summary":"This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00611,"ranking_epss":0.69823,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-34425","summary":"The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00629,"ranking_epss":0.70302,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213848"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-36495","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00487,"ranking_epss":0.65474,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-37285","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00298,"ranking_epss":0.53252,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38590","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02841,"ranking_epss":0.86224,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38592","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00583,"ranking_epss":0.69017,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38598","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00605,"ranking_epss":0.69646,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38599","summary":"A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00435,"ranking_epss":0.62911,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38611","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00611,"ranking_epss":0.69829,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T01:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38600","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00611,"ranking_epss":0.69829,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T01:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38603","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00506,"ranking_epss":0.66262,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845"],"published_time":"2023-07-27T01:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38580","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21781,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T01:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38593","summary":"A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08674,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213846","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213846"],"published_time":"2023-07-27T01:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38595","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00611,"ranking_epss":0.69829,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T01:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38424","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21313,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843"],"published_time":"2023-07-27T01:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38425","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.2,"cvss_v4":null,"epss":0.00191,"ranking_epss":0.41051,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843"],"published_time":"2023-07-27T01:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38565","summary":"A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13301,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213846","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213846"],"published_time":"2023-07-27T01:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38572","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00414,"ranking_epss":0.61673,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T01:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38261","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18327,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843"],"published_time":"2023-07-27T01:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38136","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18327,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T01:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32734","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.2257,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T01:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-35993","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19846,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T01:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32441","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19846,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T01:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32416","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16891,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T01:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32393","summary":"The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00237,"ranking_epss":0.46882,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-07-27T01:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38597","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00328,"ranking_epss":0.55874,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213847","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213847","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T00:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38606","summary":"This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00115,"ranking_epss":0.30065,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38606"],"published_time":"2023-07-27T00:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32437","summary":"The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24809,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764","https://support.apple.com/en-us/HT213841","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764"],"published_time":"2023-07-27T00:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-37450","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16861,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213826","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213826","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-37450"],"published_time":"2023-07-27T00:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38133","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00399,"ranking_epss":0.60702,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T00:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38410","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12791,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843"],"published_time":"2023-07-27T00:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38594","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00525,"ranking_epss":0.67021,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T00:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32381","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.2131,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T00:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32433","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19846,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T00:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32404","summary":"This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00011,"ranking_epss":0.01357,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213761","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213761"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32407","summary":"A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.02328,"ranking_epss":0.84844,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32408","summary":"The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32409","summary":"The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00328,"ranking_epss":0.55866,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213842","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32409"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32410","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to leak sensitive kernel state.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08844,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32411","summary":"This issue was addressed with improved entitlements. This issue is fixed in tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.01944,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32412","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01153,"ranking_epss":0.78537,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32413","summary":"A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to gain root privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00588,"ranking_epss":0.69186,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32415","summary":"This  issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10764,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32419","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01758,"ranking_epss":0.82632,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213757"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32420","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to cause unexpected system termination or read kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08608,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32422","summary":"This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.34372,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/kb/HT213764","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/kb/HT213764","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32423","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00152,"ranking_epss":0.35914,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32434","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.57754,"ranking_epss":0.98181,"kev":true,"propose_action":"Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges.","ransomware_campaign":"Unknown","references":["http://seclists.org/fulldisclosure/2023/Oct/20","https://support.apple.com/en-us/HT213808","https://support.apple.com/en-us/HT213809","https://support.apple.com/en-us/HT213810","https://support.apple.com/en-us/HT213811","https://support.apple.com/en-us/HT213812","https://support.apple.com/en-us/HT213813","https://support.apple.com/en-us/HT213814","https://support.apple.com/kb/HT213990","http://seclists.org/fulldisclosure/2023/Oct/20","https://support.apple.com/en-us/HT213808","https://support.apple.com/en-us/HT213809","https://support.apple.com/en-us/HT213810","https://support.apple.com/en-us/HT213811","https://support.apple.com/en-us/HT213812","https://support.apple.com/en-us/HT213813","https://support.apple.com/en-us/HT213814","https://support.apple.com/kb/HT213990","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32434"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32435","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00233,"ranking_epss":0.46248,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213671","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213811","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213671","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213811","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32435"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32439","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0116,"ranking_epss":0.78615,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213811","https://support.apple.com/en-us/HT213813","https://support.apple.com/en-us/HT213814","https://support.apple.com/en-us/HT213816","https://support.apple.com/kb/HT213814","https://support.apple.com/kb/HT213816","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213811","https://support.apple.com/en-us/HT213813","https://support.apple.com/en-us/HT213814","https://support.apple.com/en-us/HT213816","https://support.apple.com/kb/HT213814","https://support.apple.com/kb/HT213816","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32439"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32373","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12764,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32373"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32376","summary":"This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08626,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32384","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing an image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15388,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32385","summary":"A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09297,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32388","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01142,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32389","summary":"This  issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17322,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32390","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21281,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213761","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213761"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32391","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.5, iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.1448,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/kb/HT213761","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/kb/HT213761"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32392","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32394","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15118,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32397","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00116,"ranking_epss":0.30218,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32398","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15388,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32399","summary":"The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12046,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32400","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05546,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213761","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213761"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32402","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0012,"ranking_epss":0.30908,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32403","summary":"This  issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27930","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17353,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27940","summary":"The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, macOS Ventura 13.4. A sandboxed app may be able to observe system-wide network connections.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09147,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28191","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":9e-05,"ranking_epss":0.00911,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28202","summary":"This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app firewall setting may not take effect after exiting the Settings app.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07067,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28204","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0007,"ranking_epss":0.21586,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28204"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32352","summary":"A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may bypass Gatekeeper checks.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":8e-05,"ranking_epss":0.00691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213761","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213761"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32354","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08844,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32357","summary":"An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permission is revoked.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32365","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, iOS 16.5 and iPadOS 16.5. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12633,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32367","summary":"This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12036,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32368","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing a 3D model may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08844,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32371","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08113,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32372","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. Processing an image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08844,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42792","summary":"This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18381,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213489"],"published_time":"2023-06-23T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46715","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02699,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213489"],"published_time":"2023-06-23T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46718","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08362,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213533","https://support.apple.com/en-us/HT213534","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213533","https://support.apple.com/en-us/HT213534"],"published_time":"2023-06-23T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27969","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00156,"ranking_epss":0.3636,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27970","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22661,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213676"],"published_time":"2023-05-08T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28178","summary":"A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03356,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28181","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.4, macOS Big Sur 11.7.7, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.1667,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213765"],"published_time":"2023-05-08T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28182","summary":"The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.31654,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677"],"published_time":"2023-05-08T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28194","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to unexpectedly create a bookmark on the Home Screen.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18825,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213676"],"published_time":"2023-05-08T20:15:19","vendor":null,"product":null,"version":null}]}