{"cves":[{"cve_id":"CVE-2025-43210","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155"],"published_time":"2026-04-02T19:20:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28882","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02726,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28886","summary":"A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A user in a privileged network position may be able to cause a denial-of-service.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19172,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28870","summary":"An information leakage was addressed with additional validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01833,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28878","summary":"A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.19944,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28879","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.1194,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28859","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11752,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799","https://support.apple.com/en-us/126800"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28863","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07226,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28865","summary":"An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position may be able to intercept network traffic.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00123,"ranking_epss":0.3138,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28867","summary":"This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06296,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28852","summary":"A stack overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06524,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-28822","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker may be able to cause unexpected app termination.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02603,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20698","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00011,"ranking_epss":0.01346,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20665","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00157,"ranking_epss":0.36457,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799","https://support.apple.com/en-us/126800"],"published_time":"2026-03-25T01:17:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20687","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or write kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01544,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798"],"published_time":"2026-03-25T01:17:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20690","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing an audio stream in a maliciously crafted media file may terminate the process.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.11907,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126792","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126794","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796","https://support.apple.com/en-us/126797","https://support.apple.com/en-us/126798","https://support.apple.com/en-us/126799"],"published_time":"2026-03-25T01:17:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20637","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to cause unexpected system termination.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02603,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126793","https://support.apple.com/en-us/126795","https://support.apple.com/en-us/126796"],"published_time":"2026-03-25T01:17:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20700","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00409,"ranking_epss":0.61256,"kev":true,"propose_action":"Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20700"],"published_time":"2026-02-11T23:16:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20671","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to intercept network traffic.","cvss":3.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.1,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20675","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02566,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353","https://www.zerodayinitiative.com/advisories/ZDI-26-174/"],"published_time":"2026-02-11T23:16:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20654","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20641","summary":"A privacy issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to identify what other apps a user has installed.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03173,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20649","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3. A user may be able to view sensitive user information.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09558,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352"],"published_time":"2026-02-11T23:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20650","summary":"A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0007,"ranking_epss":0.21415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20628","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to break out of its sandbox.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01828,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20634","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03173,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20635","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17751,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353","https://support.apple.com/en-us/126354"],"published_time":"2026-02-11T23:16:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20617","summary":"A race condition was addressed with improved state handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to gain root privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.04083,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20609","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03501,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353"],"published_time":"2026-02-11T23:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-20611","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02615,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/126346","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126348","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350","https://support.apple.com/en-us/126351","https://support.apple.com/en-us/126352","https://support.apple.com/en-us/126353","https://www.zerodayinitiative.com/advisories/ZDI-26-173/"],"published_time":"2026-02-11T23:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-50890","summary":"Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the device.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":8.7,"epss":0.00443,"ranking_epss":0.63333,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://apps.apple.com/us/app/owlfiles-file-manager/id510282524","https://www.exploit-db.com/exploits/51036","https://www.skyjos.com/","https://www.vulncheck.com/advisories/owlfiles-file-manager-path-traversal","https://www.exploit-db.com/exploits/51036"],"published_time":"2026-01-13T23:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-50891","summary":"Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary JavaScript in users' browsers.","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":5.0,"cvss_v4":5.1,"epss":0.00061,"ranking_epss":0.18986,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://apps.apple.com/us/app/owlfiles-file-manager/id510282524","https://www.exploit-db.com/exploits/51036","https://www.skyjos.com/","https://www.vulncheck.com/advisories/owlfiles-file-manager-cross-site-scripting-via-http-server","https://www.exploit-db.com/exploits/51036"],"published_time":"2026-01-13T23:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46298","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.1634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892"],"published_time":"2026-01-09T22:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46299","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06029,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892"],"published_time":"2026-01-09T22:15:59","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-46279","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. An app may be able to identify what other apps a user has installed.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07311,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891"],"published_time":"2025-12-17T21:16:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43533","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/126347","https://support.apple.com/en-us/126349","https://support.apple.com/en-us/126350"],"published_time":"2025-12-17T21:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43529","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00175,"ranking_epss":0.38944,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43529"],"published_time":"2025-12-17T21:16:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43531","summary":"A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":3.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.1,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37924,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125884","https://support.apple.com/en-us/125885","https://support.apple.com/en-us/125886","https://support.apple.com/en-us/125889","https://support.apple.com/en-us/125890","https://support.apple.com/en-us/125891","https://support.apple.com/en-us/125892"],"published_time":"2025-12-17T21:16:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43520","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00273,"ranking_epss":0.50767,"kev":true,"propose_action":"Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43520"],"published_time":"2025-12-12T21:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43510","summary":"A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may cause unexpected changes in memory shared between processes.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00511,"ranking_epss":0.66478,"kev":true,"propose_action":"Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43510"],"published_time":"2025-12-12T21:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-14174","summary":"Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01047,"ranking_epss":0.77526,"kev":true,"propose_action":"Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/466192044","https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14174"],"published_time":"2025-12-12T20:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43205","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to bypass ASLR.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01497,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-11-12T01:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43480","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11516,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43458","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27628,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43462","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22132,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43443","summary":"This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20383,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43444","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to fingerprint the user.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14284,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43445","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14137,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43448","summary":"This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to break out of its sandbox.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07675,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43432","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14461,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43433","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20329,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43435","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.1492,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43436","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to enumerate a user's installed apps.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12747,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43440","summary":"This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19102,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43441","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.1492,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43425","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14461,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43427","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19889,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43429","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18837,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43430","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26672,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43431","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20329,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43407","summary":"This issue was addressed with improved entitlements. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. An app may be able to break out of its sandbox.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43419","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116"],"published_time":"2025-11-04T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43392","summary":"The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A website may exfiltrate image data cross-origin.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12321,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639","https://support.apple.com/en-us/125640"],"published_time":"2025-11-04T02:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43398","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05296,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43379","summary":"This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to access protected user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06012,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638","https://support.apple.com/en-us/125639"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43383","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14871,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43384","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14871,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43385","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14871,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43386","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125632","https://support.apple.com/en-us/125633","https://support.apple.com/en-us/125634","https://support.apple.com/en-us/125637","https://support.apple.com/en-us/125638"],"published_time":"2025-11-04T02:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43361","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A malicious app may be able to read kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.04023,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","https://support.apple.com/en-us/125635","https://support.apple.com/en-us/125636"],"published_time":"2025-11-04T02:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43345","summary":"A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116"],"published_time":"2025-11-04T02:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43323","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to fingerprint the user.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10571,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116"],"published_time":"2025-11-04T02:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43282","summary":"A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02444,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155"],"published_time":"2025-10-15T20:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43372","summary":"The issue was addressed with improved input validation. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","https://support.apple.com/en-us/125636","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43349","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted video file may lead to unexpected app termination.","cvss":2.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.8,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03498,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43354","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02916,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43355","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02895,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43356","summary":"The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A website may be able to access sensor information without user consent.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17497,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/59","http://www.openwall.com/lists/oss-security/2025/09/22/3"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43359","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A UDP server socket bound to a local interface may become bound to all interfaces.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.32183,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43342","summary":"A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00332,"ranking_epss":0.56094,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/59","http://www.openwall.com/lists/oss-security/2025/09/22/3"],"published_time":"2025-09-15T23:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43343","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37897,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125113","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/59","http://www.openwall.com/lists/oss-security/2025/10/13/4","https://access.redhat.com/errata/RHSA-2025:19946","https://security-tracker.debian.org/tracker/CVE-2025-43343","https://ubuntu.com/security/CVE-2025-43343","https://webkitgtk.org/security/WSA-2025-0007.html"],"published_time":"2025-09-15T23:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43344","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to cause unexpected system termination.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05766,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43346","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03048,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43347","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An input validation issue was addressed.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00175,"ranking_epss":0.38937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/56","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43329","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, watchOS 26. An app may be able to break out of its sandbox.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03215,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57"],"published_time":"2025-09-15T23:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43317","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01675,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43302","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02895,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125109","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/50","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43303","summary":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02417,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125115","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/57","http://seclists.org/fulldisclosure/2025/Sep/58"],"published_time":"2025-09-15T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31255","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, watchOS 26. An app may be able to access sensitive user data.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00112,"ranking_epss":0.29641,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/125108","https://support.apple.com/en-us/125110","https://support.apple.com/en-us/125111","https://support.apple.com/en-us/125112","https://support.apple.com/en-us/125114","https://support.apple.com/en-us/125116","http://seclists.org/fulldisclosure/2025/Sep/49","http://seclists.org/fulldisclosure/2025/Sep/53","http://seclists.org/fulldisclosure/2025/Sep/54","http://seclists.org/fulldisclosure/2025/Sep/55","http://seclists.org/fulldisclosure/2025/Sep/57"],"published_time":"2025-09-15T23:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43265","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose internal states of the app.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07557,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/37","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43230","summary":"The issue was addressed with additional permissions checks. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to access user-sensitive data.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06791,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43234","summary":"Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted texture may lead to unexpected app termination.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00232,"ranking_epss":0.46066,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43221","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05057,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43223","summary":"A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. A non-privileged user may be able to modify restricted network settings.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00194,"ranking_epss":0.41311,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/33","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43224","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05057,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43226","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07736,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/33","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43227","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose sensitive user information.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00214,"ranking_epss":0.43908,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43209","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00205,"ranking_epss":0.42668,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/33","http://seclists.org/fulldisclosure/2025/Jul/34","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43211","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing web content may lead to a denial-of-service.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06125,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43212","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00127,"ranking_epss":0.31973,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43213","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00164,"ranking_epss":0.37371,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43214","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00218,"ranking_epss":0.44422,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/36"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43216","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00153,"ranking_epss":0.36018,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31281","summary":"An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00162,"ranking_epss":0.37025,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-43186","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Parsing a file may lead to an unexpected app termination.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00238,"ranking_epss":0.46896,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124150","https://support.apple.com/en-us/124151","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/33","http://seclists.org/fulldisclosure/2025/Jul/34","http://seclists.org/fulldisclosure/2025/Jul/36","http://seclists.org/fulldisclosure/2025/Jul/37"],"published_time":"2025-07-30T00:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24224","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.9, macOS Sequoia 15.5, macOS Ventura 13.7.7, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may be able to cause unexpected system termination.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00365,"ranking_epss":0.58525,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124151","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/34"],"published_time":"2025-07-30T00:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31273","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.34215,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31277","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00176,"ranking_epss":0.39079,"kev":true,"propose_action":"Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277"],"published_time":"2025-07-30T00:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31278","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00142,"ranking_epss":0.3441,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/124147","https://support.apple.com/en-us/124148","https://support.apple.com/en-us/124149","https://support.apple.com/en-us/124152","https://support.apple.com/en-us/124153","https://support.apple.com/en-us/124154","https://support.apple.com/en-us/124155","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/31","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/36","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"],"published_time":"2025-07-30T00:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31262","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00088,"ranking_epss":0.2504,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073"],"published_time":"2025-05-19T16:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24184","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.26976,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073"],"published_time":"2025-05-19T16:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24189","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00912,"ranking_epss":0.7588,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122074","http://www.openwall.com/lists/oss-security/2025/08/02/1"],"published_time":"2025-05-19T16:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31251","summary":"The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23882,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31257","summary":"This issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00799,"ranking_epss":0.74065,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31238","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.0126,"ranking_epss":0.79436,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31239","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to an unexpected app termination.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00598,"ranking_epss":0.69419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31241","summary":"A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may cause an unexpected app termination.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00845,"ranking_epss":0.74811,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31245","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19645,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31223","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00522,"ranking_epss":0.66899,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31226","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted image may lead to a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18854,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31233","summary":"The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.0051,"ranking_epss":0.66438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31234","summary":"The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00523,"ranking_epss":0.66942,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31209","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to disclosure of user information.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00528,"ranking_epss":0.67181,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31212","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.21959,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31215","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01121,"ranking_epss":0.7827,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31217","summary":"The issue was addressed with improved input validation. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00759,"ranking_epss":0.73361,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31219","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.005,"ranking_epss":0.65971,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31221","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may be able to leak memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00764,"ranking_epss":0.73467,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31222","summary":"A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A user may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20545,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31204","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00666,"ranking_epss":0.71258,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31205","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A malicious website may exfiltrate data cross-origin.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37894,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31206","summary":"A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.01111,"ranking_epss":0.78173,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31208","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to an unexpected app termination.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01028,"ranking_epss":0.7733,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24223","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.0023,"ranking_epss":0.45871,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/12","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/5","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-05-12T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24111","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35252,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122405","http://seclists.org/fulldisclosure/2025/May/6"],"published_time":"2025-05-12T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24144","summary":"An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to leak sensitive kernel state.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00157,"ranking_epss":0.36445,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122717","https://support.apple.com/en-us/122718","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/8","http://seclists.org/fulldisclosure/2025/May/9"],"published_time":"2025-05-12T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31202","summary":"A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20797,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31203","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may be able to cause a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00195,"ranking_epss":0.41429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24179","summary":"A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to cause a denial-of-service.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48704,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24206","summary":"An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26096,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24251","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may cause an unexpected app termination.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00228,"ranking_epss":0.45544,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24252","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00101,"ranking_epss":0.27695,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","https://github.com/cakescats/airborn-IOS-CVE-2025-24252/blob/main/airborn_arts_CVE-2025-24252_extractor.sh"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24270","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to leak sensitive user information.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.0013,"ranking_epss":0.32464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24271","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without pairing.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00218,"ranking_epss":0.44438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30445","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00195,"ranking_epss":0.41429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31197","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35653,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378"],"published_time":"2025-04-29T03:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31200","summary":"A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02105,"ranking_epss":0.84111,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/122282","https://support.apple.com/en-us/122400","https://support.apple.com/en-us/122401","https://support.apple.com/en-us/122402","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/Apr/26","http://seclists.org/fulldisclosure/2025/Jun/14","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/Oct/0","http://seclists.org/fulldisclosure/2025/Oct/4","https://blog.noahhw.dev/posts/cve-2025-31200/","https://news.ycombinator.com/item?id=44161894","https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201/blob/main/Remote%20Crypto%20Attack%20Chain%20.md","https://github.com/cisagov/vulnrichment/issues/200","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31200"],"published_time":"2025-04-16T19:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31201","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02313,"ranking_epss":0.84795,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/122282","https://support.apple.com/en-us/122400","https://support.apple.com/en-us/122401","https://support.apple.com/en-us/122402","http://seclists.org/fulldisclosure/2025/Apr/26","http://seclists.org/fulldisclosure/2025/Jun/14","http://seclists.org/fulldisclosure/2025/Oct/0","http://seclists.org/fulldisclosure/2025/Oct/3","http://seclists.org/fulldisclosure/2025/Oct/4","https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201/blob/main/Remote%20Crypto%20Attack%20Chain%20.md","https://github.com/cisagov/vulnrichment/issues/200","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31201"],"published_time":"2025-04-16T19:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42970","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00467,"ranking_epss":0.6448,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120330","https://support.apple.com/en-us/120947","https://support.apple.com/en-us/120948","https://support.apple.com/en-us/120949","https://support.apple.com/en-us/120950"],"published_time":"2025-04-11T15:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42875","summary":"Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00289,"ranking_epss":0.52376,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120330","https://support.apple.com/en-us/120947","https://support.apple.com/en-us/120948","https://support.apple.com/en-us/120949","https://support.apple.com/en-us/120950"],"published_time":"2025-04-11T15:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31191","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00092,"ranking_epss":0.25647,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9","https://www.microsoft.com/en-us/security/blog/2025/05/01/analyzing-cve-2025-31191-a-macos-security-scoped-bookmarks-based-sandbox-escape/"],"published_time":"2025-03-31T23:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30471","summary":"A validation issue was addressed with improved logic. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A remote user may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00989,"ranking_epss":0.76902,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31182","summary":"This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to delete files for which it does not have permission.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00704,"ranking_epss":0.72118,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-31183","summary":"The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00717,"ranking_epss":0.72428,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30447","summary":"The issue was resolved by sanitizing logging. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28399,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30454","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. A malicious app may be able to access private information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27584,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30427","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.01119,"ranking_epss":0.7825,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30429","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00109,"ranking_epss":0.29054,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30432","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures.","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"cvss_v4":null,"epss":0.00411,"ranking_epss":0.61412,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30438","summary":"This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00072,"ranking_epss":0.21733,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9","https://support.apple.com/en-us/122376"],"published_time":"2025-03-31T23:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30425","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. A malicious website may be able to track users in Safari private browsing mode.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00399,"ranking_epss":0.6065,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-30426","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to enumerate a user's installed apps.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00833,"ranking_epss":0.7462,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24264","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01384,"ranking_epss":0.8034,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-31T23:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24238","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to gain elevated privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00808,"ranking_epss":0.74226,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24243","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26711,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24244","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28399,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24230","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Playing a malicious audio file may lead to an unexpected app termination.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00773,"ranking_epss":0.73613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24211","summary":"This issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00773,"ranking_epss":0.73613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24212","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00109,"ranking_epss":0.29054,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24213","summary":"This issue was addressed with improved handling of floats. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A type confusion issue could lead to memory corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00126,"ranking_epss":0.31823,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122404","https://support.apple.com/en-us/122405","https://support.apple.com/en-us/122716","https://support.apple.com/en-us/122719","https://support.apple.com/en-us/122720","https://support.apple.com/en-us/122721","https://support.apple.com/en-us/122722","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/May/10","http://seclists.org/fulldisclosure/2025/May/11","http://seclists.org/fulldisclosure/2025/May/13","http://seclists.org/fulldisclosure/2025/May/6","http://seclists.org/fulldisclosure/2025/May/7","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24214","summary":"A privacy issue was addressed by not logging contents of text fields. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26174,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24216","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00821,"ranking_epss":0.74436,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24217","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26347,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24209","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.02557,"ranking_epss":0.85534,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122379","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/2","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-31T23:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24210","summary":"A logic error was addressed with improved error handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Parsing an image may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24190","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00773,"ranking_epss":0.73613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24194","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may result in the disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01074,"ranking_epss":0.77795,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8"],"published_time":"2025-03-31T23:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24097","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to read arbitrary file metadata.","cvss":5.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.0,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17167,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122405","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9","http://seclists.org/fulldisclosure/2025/May/6"],"published_time":"2025-03-31T23:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24173","summary":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19047,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24178","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to break out of its sandbox.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00666,"ranking_epss":0.71253,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Apr/9"],"published_time":"2025-03-31T23:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54551","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing web content may lead to a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00504,"ranking_epss":0.66188,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-21T00:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54525","summary":"A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01656,"ranking_epss":0.82078,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845"],"published_time":"2025-03-17T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-43454","summary":"A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15329,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/102741","https://support.apple.com/en-us/102807","https://support.apple.com/en-us/102808","https://support.apple.com/en-us/102836"],"published_time":"2025-03-10T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44192","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33931,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121241","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-10T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54467","summary":"A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.30707,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121241","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"],"published_time":"2025-03-10T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54560","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, watchOS 11. A malicious app may be able to modify other apps without having App Management permission.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19284,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121250"],"published_time":"2025-03-10T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54658","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00217,"ranking_epss":0.4428,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120894","https://support.apple.com/en-us/120895"],"published_time":"2025-02-10T19:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27859","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00256,"ranking_epss":0.49051,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895"],"published_time":"2025-02-10T19:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24161","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.12823,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24162","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01179,"ranking_epss":0.78756,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122074","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/20","https://lists.debian.org/debian-lts-announce/2025/02/msg00014.html"],"published_time":"2025-01-27T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24163","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sequoia 15.4, macOS Sonoma 14.7.3, tvOS 18.3, tvOS 18.4, visionOS 2.3, visionOS 2.4, watchOS 11.3, watchOS 11.4. Parsing a file may lead to an unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.0758,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122371","https://support.apple.com/en-us/122373","https://support.apple.com/en-us/122376","https://support.apple.com/en-us/122377","https://support.apple.com/en-us/122378","http://seclists.org/fulldisclosure/2025/Apr/11","http://seclists.org/fulldisclosure/2025/Apr/12","http://seclists.org/fulldisclosure/2025/Apr/13","http://seclists.org/fulldisclosure/2025/Apr/4","http://seclists.org/fulldisclosure/2025/Apr/8","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24149","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.11997,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24158","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0086,"ranking_epss":0.75056,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122074","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/20","https://lists.debian.org/debian-lts-announce/2025/02/msg00014.html"],"published_time":"2025-01-27T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24159","summary":"A validation issue was addressed with improved logic. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19623,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24160","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42313,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24131","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to cause a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35184,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24137","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3. An attacker on the local network may corrupt process memory.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13004,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24123","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00177,"ranking_epss":0.39163,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24124","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.0919,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24126","summary":"An input validation issue was addressed. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to corrupt process memory.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00125,"ranking_epss":0.31688,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24127","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3. Parsing a file may lead to an unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02493,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24129","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may cause an unexpected app termination.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00114,"ranking_epss":0.29943,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/18","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24107","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3. A malicious app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02304,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24086","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing an image may lead to a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03654,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17","http://seclists.org/fulldisclosure/2025/Jan/19"],"published_time":"2025-01-27T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54541","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17393,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845"],"published_time":"2025-01-27T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54543","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34605,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","https://support.apple.com/en-us/122372","http://seclists.org/fulldisclosure/2025/Apr/5"],"published_time":"2025-01-27T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-24085","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.","cvss":10.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":10.0,"cvss_v4":null,"epss":0.14832,"ranking_epss":0.94532,"kev":true,"propose_action":"Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375","http://seclists.org/fulldisclosure/2025/Apr/10","http://seclists.org/fulldisclosure/2025/Apr/5","http://seclists.org/fulldisclosure/2025/Apr/9","http://seclists.org/fulldisclosure/2025/Jan/12","http://seclists.org/fulldisclosure/2025/Jan/13","http://seclists.org/fulldisclosure/2025/Jan/15","http://seclists.org/fulldisclosure/2025/Jan/19","http://seclists.org/fulldisclosure/2025/Jun/19","http://seclists.org/fulldisclosure/2025/Oct/1","http://seclists.org/fulldisclosure/2025/Oct/23","http://seclists.org/fulldisclosure/2025/Oct/30","http://seclists.org/fulldisclosure/2025/Oct/31","https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201","https://github.com/cisagov/vulnrichment/issues/194","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24085"],"published_time":"2025-01-27T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54517","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18318,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844"],"published_time":"2025-01-27T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54518","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19412,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844"],"published_time":"2025-01-27T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54522","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17845,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844"],"published_time":"2025-01-27T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54523","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00161,"ranking_epss":0.36908,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844"],"published_time":"2025-01-27T22:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54468","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to break out of its sandbox.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14195,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54478","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.4, macOS Sequoia 15.2, macOS Sonoma 14.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00322,"ranking_epss":0.55285,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/122067","http://seclists.org/fulldisclosure/2025/Jan/14"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54497","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.4, macOS Sequoia 15.2, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/122067","https://support.apple.com/en-us/122069","https://support.apple.com/en-us/122070","http://seclists.org/fulldisclosure/2025/Jan/14","http://seclists.org/fulldisclosure/2025/Jan/16","http://seclists.org/fulldisclosure/2025/Jan/17"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54499","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00173,"ranking_epss":0.38693,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845"],"published_time":"2025-01-27T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27856","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a file may lead to unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06956,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906"],"published_time":"2025-01-15T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40771","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16804,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906"],"published_time":"2025-01-15T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54538","summary":"A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A remote attacker may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01986,"ranking_epss":0.83628,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570"],"published_time":"2024-12-20T01:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54534","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0107,"ranking_epss":0.77753,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","https://support.apple.com/en-us/122372","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/13","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2025/Apr/5","https://security.netapp.com/advisory/ntap-20250418-0002/"],"published_time":"2024-12-12T02:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54505","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00587,"ranking_epss":0.69133,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/13","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","https://lists.debian.org/debian-lts-announce/2025/01/msg00002.html"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54508","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01383,"ranking_epss":0.80331,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","https://support.apple.com/en-us/122372","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/13","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2025/Apr/5","https://lists.debian.org/debian-lts-announce/2025/01/msg00002.html"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54510","summary":"A race condition was addressed with improved locking. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to leak sensitive kernel state.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.08903,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54513","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07017,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54514","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to break out of its sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13652,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54526","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. A malicious app may be able to access private information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00458,"ranking_epss":0.63996,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54527","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00108,"ranking_epss":0.29024,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54486","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00162,"ranking_epss":0.37129,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/8"],"published_time":"2024-12-12T02:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54494","summary":"A race condition was addressed with additional validation. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An attacker may be able to create a read-only memory mapping that can be written to.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00211,"ranking_epss":0.43653,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/8"],"published_time":"2024-12-12T02:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54500","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08891,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54501","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted file may lead to a denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/12","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/9"],"published_time":"2024-12-12T02:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54502","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.07285,"ranking_epss":0.9168,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","https://support.apple.com/en-us/122372","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/13","http://seclists.org/fulldisclosure/2024/Dec/5","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2025/Apr/5","https://lists.debian.org/debian-lts-announce/2025/01/msg00002.html"],"published_time":"2024-12-12T02:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-54479","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.007,"ranking_epss":0.72018,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","https://support.apple.com/en-us/121845","https://support.apple.com/en-us/121846","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/13","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","https://lists.debian.org/debian-lts-announce/2025/01/msg00002.html"],"published_time":"2024-12-12T02:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44212","summary":"A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.0018,"ranking_epss":0.39533,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121571"],"published_time":"2024-12-12T02:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44225","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121837","https://support.apple.com/en-us/121838","https://support.apple.com/en-us/121839","https://support.apple.com/en-us/121840","https://support.apple.com/en-us/121842","https://support.apple.com/en-us/121843","https://support.apple.com/en-us/121844","http://seclists.org/fulldisclosure/2024/Dec/10","http://seclists.org/fulldisclosure/2024/Dec/11","http://seclists.org/fulldisclosure/2024/Dec/6","http://seclists.org/fulldisclosure/2024/Dec/7","http://seclists.org/fulldisclosure/2024/Dec/8"],"published_time":"2024-12-12T02:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44232","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35674,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570"],"published_time":"2024-11-01T21:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44233","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35674,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570"],"published_time":"2024-11-01T21:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44234","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35674,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570"],"published_time":"2024-11-01T21:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44240","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33865,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16"],"published_time":"2024-10-28T22:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44302","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14645,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44282","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a file may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00231,"ranking_epss":0.45917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44285","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01372,"ranking_epss":0.80251,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121569","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44296","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00664,"ranking_epss":0.71213,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121571","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/19","http://seclists.org/fulldisclosure/2024/Oct/9","https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"],"published_time":"2024-10-28T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44297","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing a maliciously crafted message may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00482,"ranking_epss":0.65176,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44255","summary":"A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A malicious app may be able to run arbitrary shortcuts without user consent.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.1749,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44258","summary":"This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.01677,"ranking_epss":0.822,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121569","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44273","summary":"This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A malicious app may be able to access private information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14672,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44277","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1. An app may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13072,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121569","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44215","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing an image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05454,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44239","summary":"An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. An app may be able to leak sensitive kernel state.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05685,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121568","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/12","http://seclists.org/fulldisclosure/2024/Oct/13","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44244","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00279,"ranking_epss":0.51356,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121564","https://support.apple.com/en-us/121565","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121569","https://support.apple.com/en-us/121571","http://seclists.org/fulldisclosure/2024/Oct/11","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/19","http://seclists.org/fulldisclosure/2024/Oct/9","https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44252","summary":"A logic issue was addressed with improved file handling. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16851,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121563","https://support.apple.com/en-us/121566","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121569","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/15","http://seclists.org/fulldisclosure/2024/Oct/16","http://seclists.org/fulldisclosure/2024/Oct/9"],"published_time":"2024-10-28T21:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44144","summary":"A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, visionOS 2, watchOS 11. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05125,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","https://support.apple.com/en-us/121567","https://support.apple.com/en-us/121570","http://seclists.org/fulldisclosure/2024/Oct/10","http://seclists.org/fulldisclosure/2024/Oct/12"],"published_time":"2024-10-28T21:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44185","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"],"published_time":"2024-10-24T17:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44206","summary":"An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A user may be able to bypass some web content restrictions.","cvss":9.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.3,"cvss_v4":null,"epss":0.00465,"ranking_epss":0.64401,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Nov/6"],"published_time":"2024-10-24T17:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44187","summary":"A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00539,"ranking_epss":0.67613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121241","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/37","https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"],"published_time":"2024-09-17T00:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44191","summary":"This issue was addressed through improved state management. This issue is fixed in Xcode 16, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. An app may gain unauthorized access to Bluetooth.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06468,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121239","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/39"],"published_time":"2024-09-17T00:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44198","summary":"An integer overflow was addressed through improved input validation. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11215,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36"],"published_time":"2024-09-17T00:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44169","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44176","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. Processing an image may lead to a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00321,"ranking_epss":0.55168,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-44183","summary":"A logic error was addressed with improved error handling. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06496,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40850","summary":"A file access issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, tvOS 18, visionOS 2, watchOS 11. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07707,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121234","https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40","http://seclists.org/fulldisclosure/2024/Sep/41"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40857","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to universal cross site scripting.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35762,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121241","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/37"],"published_time":"2024-09-17T00:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27880","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, tvOS 18, visionOS 2, watchOS 11. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04728,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/121238","https://support.apple.com/en-us/121240","https://support.apple.com/en-us/121246","https://support.apple.com/en-us/121247","https://support.apple.com/en-us/121248","https://support.apple.com/en-us/121249","https://support.apple.com/en-us/121250","http://seclists.org/fulldisclosure/2024/Sep/32","http://seclists.org/fulldisclosure/2024/Sep/33","http://seclists.org/fulldisclosure/2024/Sep/36","http://seclists.org/fulldisclosure/2024/Sep/39","http://seclists.org/fulldisclosure/2024/Sep/40"],"published_time":"2024-09-17T00:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40805","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.01936,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40806","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12507,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40815","summary":"A race condition was addressed with additional validation. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, watchOS 10.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.07151,"ranking_epss":0.91581,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40824","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01812,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40788","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. A local attacker may be able to cause unexpected system shutdown.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08171,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40789","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00696,"ranking_epss":0.71949,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214121","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40795","summary":"This issue was addressed with improved data protection. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.0672,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40799","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08786,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27884","summary":"This issue was addressed with a new entitlement. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05685,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40774","summary":"A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05436,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40776","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00348,"ranking_epss":0.57349,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40777","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0026,"ranking_epss":0.49428,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40779","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.077,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40780","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00088,"ranking_epss":0.25131,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40782","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00389,"ranking_epss":0.60046,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40784","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04404,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-40785","summary":"This issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to a cross site scripting attack.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00637,"ranking_epss":0.70509,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120908","https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120913","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/17","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://support.apple.com/en-us/HT214116","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214121","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214116","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27823","summary":"A race condition was addressed with improved locking. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.3, watchOS 10.5. An attacker in a privileged network position may be able to spoof network packets.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00185,"ranking_epss":0.40194,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120915","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214123","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214123"],"published_time":"2024-07-29T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27826","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.6, macOS Sonoma 14.5, macOS Ventura 13.6.8, tvOS 17.5, visionOS 1.3, watchOS 10.5. A local attacker may be able to cause unexpected system shutdown.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.07977,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120910","https://support.apple.com/en-us/120912","https://support.apple.com/en-us/120915","http://seclists.org/fulldisclosure/2024/Jul/19","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214118","https://support.apple.com/en-us/HT214120","https://support.apple.com/en-us/HT214123","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214118","https://support.apple.com/kb/HT214120","https://support.apple.com/kb/HT214123"],"published_time":"2024-07-29T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27863","summary":"An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A local attacker may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06317,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120909","https://support.apple.com/en-us/120911","https://support.apple.com/en-us/120914","https://support.apple.com/en-us/120915","https://support.apple.com/en-us/120916","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","http://seclists.org/fulldisclosure/2024/Jul/21","http://seclists.org/fulldisclosure/2024/Jul/22","http://seclists.org/fulldisclosure/2024/Jul/23","https://support.apple.com/en-us/HT214117","https://support.apple.com/en-us/HT214119","https://support.apple.com/en-us/HT214122","https://support.apple.com/en-us/HT214123","https://support.apple.com/en-us/HT214124","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214122","https://support.apple.com/kb/HT214123","https://support.apple.com/kb/HT214124"],"published_time":"2024-07-29T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40396","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00243,"ranking_epss":0.47651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940"],"published_time":"2024-07-29T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42949","summary":"This issue was addressed with improved data protection. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to access edited photos saved to a temporary directory.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00142,"ranking_epss":0.34463,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940"],"published_time":"2024-07-29T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27832","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33819,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27833","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01223,"ranking_epss":0.79122,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214103","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27838","summary":"The issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. A maliciously crafted webpage may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0089,"ranking_epss":0.75557,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27840","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03718,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27851","summary":"The issue was addressed with improved bounds checks. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00982,"ranking_epss":0.76819,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27857","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01086,"ranking_epss":0.77918,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27806","summary":"This issue was addressed with improved environment sanitization. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05196,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27808","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00822,"ranking_epss":0.74451,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27811","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00112,"ranking_epss":0.29555,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27815","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.24649,"ranking_epss":0.96149,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27817","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00152,"ranking_epss":0.35847,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27820","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01283,"ranking_epss":0.79621,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27828","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22526,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27830","summary":"This issue was addressed through improved state management. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. A maliciously crafted webpage may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01337,"ranking_epss":0.80021,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27831","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22216,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27800","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a maliciously crafted message may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.25883,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27801","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22378,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27802","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18641,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120906","http://seclists.org/fulldisclosure/2024/Jun/5","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/en-us/HT214108","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214108"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27805","summary":"An issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05196,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/HT214100","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214105","https://support.apple.com/en-us/HT214106","https://support.apple.com/en-us/HT214107","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107"],"published_time":"2024-06-10T21:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27834","summary":"The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":8e-05,"ranking_epss":0.00773,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120896","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","http://seclists.org/fulldisclosure/2024/May/16","http://seclists.org/fulldisclosure/2024/May/17","http://seclists.org/fulldisclosure/2024/May/9","http://www.openwall.com/lists/oss-security/2024/05/21/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214103","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106"],"published_time":"2024-05-14T15:13:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27804","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.3, watchOS 10.5. An app may be able to cause unexpected system termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.04186,"ranking_epss":0.88727,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","https://support.apple.com/en-us/120915","http://seclists.org/fulldisclosure/2024/Jul/23","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","http://seclists.org/fulldisclosure/2024/May/16","http://seclists.org/fulldisclosure/2024/May/17","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214123"],"published_time":"2024-05-14T15:13:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27810","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21698,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120899","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","http://seclists.org/fulldisclosure/2024/May/16","http://seclists.org/fulldisclosure/2024/May/17","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214105","https://support.apple.com/kb/HT214106","https://support.apple.com/kb/HT214107"],"published_time":"2024-05-14T15:13:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27816","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker may be able to access user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12068,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120901","https://support.apple.com/en-us/120902","https://support.apple.com/en-us/120903","https://support.apple.com/en-us/120905","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","http://seclists.org/fulldisclosure/2024/May/16","http://seclists.org/fulldisclosure/2024/May/17","https://support.apple.com/en-us/HT214101","https://support.apple.com/en-us/HT214102","https://support.apple.com/en-us/HT214104","https://support.apple.com/en-us/HT214106","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214102","https://support.apple.com/kb/HT214104","https://support.apple.com/kb/HT214106"],"published_time":"2024-05-14T15:13:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23271","summary":"A logic issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00084,"ranking_epss":0.24478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120339","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214056","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214056","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214060","https://support.apple.com/kb/HT214061"],"published_time":"2024-04-24T17:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-27791","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3. An app may be able to corrupt coprocessor memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.0625,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120305","https://support.apple.com/en-us/120307","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214057","https://support.apple.com/en-us/HT214058","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063"],"published_time":"2024-04-24T17:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42936","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17678,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041"],"published_time":"2024-03-28T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42947","summary":"A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16622,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041"],"published_time":"2024-03-28T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42950","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00645,"ranking_epss":0.70703,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214039","http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://security.netapp.com/advisory/ntap-20241018-0009/","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214039"],"published_time":"2024-03-28T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42893","summary":"A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03307,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214106","http://seclists.org/fulldisclosure/2024/May/10","http://seclists.org/fulldisclosure/2024/May/12","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041","https://support.apple.com/kb/HT214101","https://support.apple.com/kb/HT214106"],"published_time":"2024-03-28T16:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23288","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12501,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23290","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15588,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23291","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00271,"ranking_epss":0.50633,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23293","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00181,"ranking_epss":0.39677,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23297","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4. A malicious application may be able to access private information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20113,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23264","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1. An application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00083,"ranking_epss":0.24243,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214087"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23265","summary":"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to cause unexpected system termination or write kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00147,"ranking_epss":0.35057,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23270","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214086","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214086"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23278","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, watchOS 10.4. An app may be able to break out of its sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.2256,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23280","summary":"An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00515,"ranking_epss":0.66641,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120894","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/20","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/en-us/HT214089","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214089"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23284","summary":"A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00884,"ranking_epss":0.75453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120894","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/20","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/en-us/HT214089","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214089"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23286","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing an image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01015,"ranking_epss":0.7719,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214085","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23239","summary":"A race condition was addressed with improved state handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to leak sensitive user information.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.1802,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23241","summary":"This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4. An app may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26319,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23246","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to break out of its sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20526,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23250","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to access Bluetooth-connected microphones without user permission.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02929,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23254","summary":"The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00468,"ranking_epss":0.64493,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120894","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/20","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/en-us/HT214089","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214089"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23263","summary":"A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0062,"ranking_epss":0.70063,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120894","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/20","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","http://www.openwall.com/lists/oss-security/2024/03/26/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/en-us/HT214089","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214089"],"published_time":"2024-03-08T02:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0258","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.0558,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23201","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3, watchOS 10.3. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04326,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214083","https://support.apple.com/en-us/HT214085","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214060","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214085"],"published_time":"2024-03-08T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23226","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00898,"ranking_epss":0.7567,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23235","summary":"A race condition was addressed with additional validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to access user-sensitive data.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/en-us/HT214084","https://support.apple.com/en-us/HT214086","https://support.apple.com/en-us/HT214087","https://support.apple.com/en-us/HT214088","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088"],"published_time":"2024-03-08T02:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23225","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00186,"ranking_epss":0.40369,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","http://seclists.org/fulldisclosure/2024/Mar/18","http://seclists.org/fulldisclosure/2024/Mar/19","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","https://support.apple.com/en-us/HT214081","https://support.apple.com/en-us/HT214082","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214085","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23225"],"published_time":"2024-03-05T20:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23296","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00196,"ranking_epss":0.41489,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/120881","https://support.apple.com/en-us/120882","https://support.apple.com/en-us/120883","https://support.apple.com/en-us/120893","https://support.apple.com/en-us/120895","https://support.apple.com/en-us/120898","https://support.apple.com/en-us/120900","https://support.apple.com/en-us/120910","http://seclists.org/fulldisclosure/2024/Jul/20","http://seclists.org/fulldisclosure/2024/Mar/18","http://seclists.org/fulldisclosure/2024/Mar/21","http://seclists.org/fulldisclosure/2024/Mar/24","http://seclists.org/fulldisclosure/2024/Mar/25","http://seclists.org/fulldisclosure/2024/Mar/26","http://seclists.org/fulldisclosure/2024/May/11","http://seclists.org/fulldisclosure/2024/May/13","https://support.apple.com/en-us/HT214081","https://support.apple.com/kb/HT214081","https://support.apple.com/kb/HT214084","https://support.apple.com/kb/HT214086","https://support.apple.com/kb/HT214087","https://support.apple.com/kb/HT214088","https://support.apple.com/kb/HT214100","https://support.apple.com/kb/HT214107","https://support.apple.com/kb/HT214118","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23296"],"published_time":"2024-03-05T20:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42946","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00107,"ranking_epss":0.28866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2024-02-21T07:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42953","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06314,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2024-02-21T07:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42942","summary":"This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00126,"ranking_epss":0.31784,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2024-02-21T07:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42848","summary":"The issue was addressed with improved bounds checks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. Processing a maliciously crafted image may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08417,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2024-02-21T07:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42873","summary":"The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17513,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213987"],"published_time":"2024-02-21T07:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42839","summary":"This issue was addressed with improved state management. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05939,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213988"],"published_time":"2024-02-21T07:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42823","summary":"The issue was resolved by sanitizing logging This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13764,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213983","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213985","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213983","https://support.apple.com/kb/HT213984","https://support.apple.com/kb/HT213987","https://support.apple.com/kb/HT213988"],"published_time":"2024-02-21T07:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23210","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to view a user's phone number in system logs.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06377,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214061"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23212","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, watchOS 10.3. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10713,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120305","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120307","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","https://support.apple.com/en-us/120311","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/37","http://seclists.org/fulldisclosure/2024/Jan/38","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214057","https://support.apple.com/en-us/HT214058","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214058","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23213","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00395,"ranking_epss":0.60391,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120339","http://seclists.org/fulldisclosure/2024/Jan/27","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","http://www.openwall.com/lists/oss-security/2024/02/05/8","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214056","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214056","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214060","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23215","summary":"An issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05566,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23218","summary":"A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3, watchOS 10.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00193,"ranking_epss":0.41193,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120880","https://support.apple.com/en-us/120884","https://support.apple.com/en-us/120886","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","http://seclists.org/fulldisclosure/2024/Mar/22","http://seclists.org/fulldisclosure/2024/Mar/23","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214082","https://support.apple.com/kb/HT214083","https://support.apple.com/kb/HT214085"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23222","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. This fix associated with the Coruna exploit was shipped in iOS 17.3 on January 22, 2024. This update brings that fix to devices that cannot update to the latest iOS version.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00608,"ranking_epss":0.69724,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/118479","https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120305","https://support.apple.com/en-us/120307","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120339","https://support.apple.com/en-us/126632","http://seclists.org/fulldisclosure/2024/Feb/6","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/40","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214056","https://support.apple.com/kb/HT214057","https://support.apple.com/kb/HT214058","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063","https://support.apple.com/kb/HT214070","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23222"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23223","summary":"A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to access sensitive user data.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05223,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214061"],"published_time":"2024-01-23T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23206","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A maliciously crafted webpage may be able to fingerprint the user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00518,"ranking_epss":0.6678,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120310","https://support.apple.com/en-us/120311","https://support.apple.com/en-us/120339","http://seclists.org/fulldisclosure/2024/Jan/27","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/34","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","http://www.openwall.com/lists/oss-security/2024/02/05/8","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214056","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/en-us/HT214063","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214056","https://support.apple.com/kb/HT214059","https://support.apple.com/kb/HT214060","https://support.apple.com/kb/HT214061","https://support.apple.com/kb/HT214063"],"published_time":"2024-01-23T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-23208","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.03202,"ranking_epss":0.87023,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/120304","https://support.apple.com/en-us/120306","https://support.apple.com/en-us/120309","https://support.apple.com/en-us/120311","http://seclists.org/fulldisclosure/2024/Jan/33","http://seclists.org/fulldisclosure/2024/Jan/36","http://seclists.org/fulldisclosure/2024/Jan/39","http://seclists.org/fulldisclosure/2024/Jan/40","https://support.apple.com/en-us/HT214055","https://support.apple.com/en-us/HT214059","https://support.apple.com/en-us/HT214060","https://support.apple.com/en-us/HT214061","https://support.apple.com/kb/HT214055","https://support.apple.com/kb/HT214061"],"published_time":"2024-01-23T01:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40528","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":7e-05,"ranking_epss":0.00555,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2024/Jan/37","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT214058","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940","http://seclists.org/fulldisclosure/2024/Jan/37","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT214058","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940","https://support.apple.com/kb/HT214058"],"published_time":"2024-01-23T01:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42862","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00193,"ranking_epss":0.41153,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42865","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00193,"ranking_epss":0.41153,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42866","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00477,"ranking_epss":0.6493,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40414","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00155,"ranking_epss":0.36199,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2024/02/05/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","http://www.openwall.com/lists/oss-security/2024/02/05/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941"],"published_time":"2024-01-10T22:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28185","summary":"An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.1035,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678"],"published_time":"2024-01-10T22:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-48618","summary":"The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00172,"ranking_epss":0.38571,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-48618"],"published_time":"2024-01-09T18:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42914","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to break out of its sandbox.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07953,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041"],"published_time":"2023-12-12T01:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42883","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05953,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/6","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","http://www.openwall.com/lists/oss-security/2023/12/18/1","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214034","https://support.apple.com/kb/HT214039","https://www.debian.org/security/2023/dsa-5580","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/6","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","http://www.openwall.com/lists/oss-security/2023/12/18/1","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214034","https://support.apple.com/kb/HT214039","https://www.debian.org/security/2023/dsa-5580"],"published_time":"2023-12-12T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42884","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05393,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214038","https://support.apple.com/kb/HT214040"],"published_time":"2023-12-12T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42890","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00402,"ranking_epss":0.60813,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/6","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","http://www.openwall.com/lists/oss-security/2023/12/18/1","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214039","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/6","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","http://www.openwall.com/lists/oss-security/2023/12/18/1","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214039","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214039"],"published_time":"2023-12-12T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42898","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead to arbitrary code execution.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07092,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041"],"published_time":"2023-12-12T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42899","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. Processing an image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07463,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","http://seclists.org/fulldisclosure/2023/Dec/10","http://seclists.org/fulldisclosure/2023/Dec/11","http://seclists.org/fulldisclosure/2023/Dec/12","http://seclists.org/fulldisclosure/2023/Dec/13","http://seclists.org/fulldisclosure/2023/Dec/7","http://seclists.org/fulldisclosure/2023/Dec/8","http://seclists.org/fulldisclosure/2023/Dec/9","https://support.apple.com/en-us/HT214034","https://support.apple.com/en-us/HT214035","https://support.apple.com/en-us/HT214036","https://support.apple.com/en-us/HT214037","https://support.apple.com/en-us/HT214038","https://support.apple.com/en-us/HT214040","https://support.apple.com/en-us/HT214041","https://support.apple.com/kb/HT214035","https://support.apple.com/kb/HT214036","https://support.apple.com/kb/HT214037","https://support.apple.com/kb/HT214040","https://support.apple.com/kb/HT214041"],"published_time":"2023-12-12T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42846","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00216,"ranking_epss":0.44187,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213987","https://support.apple.com/kb/HT213988","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/25","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213981","https://support.apple.com/kb/HT213982","https://support.apple.com/kb/HT213987","https://support.apple.com/kb/HT213988"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-42852","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02171,"ranking_epss":0.84341,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984","https://www.debian.org/security/2023/dsa-5557","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984","https://www.debian.org/security/2023/dsa-5557"],"published_time":"2023-10-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40447","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00166,"ranking_epss":0.37678,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41976","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00264,"ranking_epss":0.49937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984","http://seclists.org/fulldisclosure/2023/Oct/19","http://seclists.org/fulldisclosure/2023/Oct/22","http://seclists.org/fulldisclosure/2023/Oct/23","http://seclists.org/fulldisclosure/2023/Oct/24","http://seclists.org/fulldisclosure/2023/Oct/25","http://seclists.org/fulldisclosure/2023/Oct/27","https://support.apple.com/en-us/HT213981","https://support.apple.com/en-us/HT213982","https://support.apple.com/en-us/HT213984","https://support.apple.com/en-us/HT213986","https://support.apple.com/en-us/HT213987","https://support.apple.com/en-us/HT213988","https://support.apple.com/kb/HT213984"],"published_time":"2023-10-25T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41968","summary":"This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06497,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41981","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":null,"epss":7e-05,"ranking_epss":0.00574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41984","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10241,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41068","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7. A user may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41071","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.13899,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41073","summary":"An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access protected user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.08947,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41074","summary":"The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01121,"ranking_epss":0.78265,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/2","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","http://www.openwall.com/lists/oss-security/2023/09/28/3","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","https://www.debian.org/security/2023/dsa-5527","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/2","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","http://www.openwall.com/lists/oss-security/2023/09/28/3","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","https://webkitgtk.org/security/WSA-2023-0009.html","https://www.debian.org/security/2023/dsa-5527"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41174","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10704,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41065","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.0656,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40520","summary":"The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07428,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40454","summary":"A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to delete files for which it does not have permission.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.06959,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40456","summary":"The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07428,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40452","summary":"The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to overwrite arbitrary files.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05591,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40448","summary":"The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. A remote attacker may be able to break out of Web Content sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00928,"ranking_epss":0.76101,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40432","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10238,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40429","summary":"A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40427","summary":"The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07054,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40412","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05175,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40419","summary":"The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07769,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40420","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00199,"ranking_epss":0.41927,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40403","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00137,"ranking_epss":0.33442,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://lists.debian.org/debian-lts-announce/2025/09/msg00024.html","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40409","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07298,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938"],"published_time":"2023-09-27T15:19:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40410","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05454,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/5","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213931","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213931","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40400","summary":"This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01587,"ranking_epss":0.81651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213841","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40395","summary":"The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access contacts.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08573,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/4","http://seclists.org/fulldisclosure/2023/Oct/6","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213927","https://support.apple.com/en-us/HT213932","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213927","https://support.apple.com/kb/HT213932","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40399","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05568,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40391","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.0753,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/7","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213939","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/7","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213939","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213939","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-40384","summary":"A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06444,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:19:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38596","summary":"The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may fail to enforce App Transport Security.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05816,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:18:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32361","summary":"The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.0753,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:18:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32396","summary":"This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05489,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/7","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213939","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/7","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213939","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213939","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:18:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-35074","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00598,"ranking_epss":0.69427,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/2","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","http://www.openwall.com/lists/oss-security/2023/09/28/3","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/2","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","http://www.openwall.com/lists/oss-security/2023/09/28/3","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/","https://security.gentoo.org/glsa/202401-33","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/en-us/HT213941","https://webkitgtk.org/security/WSA-2023-0009.html"],"published_time":"2023-09-27T15:18:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-35984","summary":"The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00091,"ranking_epss":0.25615,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","http://seclists.org/fulldisclosure/2023/Oct/10","http://seclists.org/fulldisclosure/2023/Oct/3","http://seclists.org/fulldisclosure/2023/Oct/8","http://seclists.org/fulldisclosure/2023/Oct/9","https://support.apple.com/en-us/HT213936","https://support.apple.com/en-us/HT213937","https://support.apple.com/en-us/HT213938","https://support.apple.com/en-us/HT213940","https://support.apple.com/kb/HT213936","https://support.apple.com/kb/HT213937","https://support.apple.com/kb/HT213938","https://support.apple.com/kb/HT213940"],"published_time":"2023-09-27T15:18:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-41990","summary":"The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.02687,"ranking_epss":0.85878,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41990"],"published_time":"2023-09-12T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32428","summary":"This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0103,"ranking_epss":0.77353,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764"],"published_time":"2023-09-06T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32432","summary":"A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764"],"published_time":"2023-09-06T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-34352","summary":"A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00208,"ranking_epss":0.43224,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/kb/HT213757","https://support.apple.com/kb/HT213758","https://support.apple.com/kb/HT213761","https://support.apple.com/kb/HT213764"],"published_time":"2023-09-06T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-48503","summary":"The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0018,"ranking_epss":0.39581,"kev":true,"propose_action":"Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213341","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213341","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-48503"],"published_time":"2023-08-14T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38604","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.57105,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848"],"published_time":"2023-07-28T05:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32445","summary":"This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00611,"ranking_epss":0.69805,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-36495","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00487,"ranking_epss":0.65463,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38590","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02841,"ranking_epss":0.86224,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38592","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00583,"ranking_epss":0.68998,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38598","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00605,"ranking_epss":0.69628,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213841","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213843","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/kb/HT213846","https://support.apple.com/kb/HT213848"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38599","summary":"A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00435,"ranking_epss":0.6289,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-28T05:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38611","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00611,"ranking_epss":0.69811,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T01:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38600","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00611,"ranking_epss":0.69811,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T01:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38593","summary":"A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to cause a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213846","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213846"],"published_time":"2023-07-27T01:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38595","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00611,"ranking_epss":0.69811,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T01:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38565","summary":"A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13235,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213846","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213848","https://support.apple.com/kb/HT213842","https://support.apple.com/kb/HT213846"],"published_time":"2023-07-27T01:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38572","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00414,"ranking_epss":0.61651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T01:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32734","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22461,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T01:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-35993","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19764,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T01:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32441","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19764,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T01:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32393","summary":"The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00237,"ranking_epss":0.46859,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-07-27T01:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38606","summary":"This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00114,"ranking_epss":0.29968,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38606"],"published_time":"2023-07-27T00:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-37450","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16799,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213826","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213826","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-37450"],"published_time":"2023-07-27T00:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38133","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0042,"ranking_epss":0.61959,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T00:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-38594","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00552,"ranking_epss":0.68043,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468","http://www.openwall.com/lists/oss-security/2023/08/02/1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213847","https://support.apple.com/en-us/HT213848","https://www.debian.org/security/2023/dsa-5468"],"published_time":"2023-07-27T00:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32381","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21641,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T00:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32433","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20155,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848","https://support.apple.com/en-us/HT213841","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213843","https://support.apple.com/en-us/HT213844","https://support.apple.com/en-us/HT213845","https://support.apple.com/en-us/HT213846","https://support.apple.com/en-us/HT213848"],"published_time":"2023-07-27T00:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32407","summary":"A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.02479,"ranking_epss":0.85306,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32408","summary":"The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06958,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32409","summary":"The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.0026,"ranking_epss":0.49365,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213842","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213842","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32409"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32411","summary":"This issue was addressed with improved entitlements. This issue is fixed in tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02284,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32412","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01229,"ranking_epss":0.79164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32413","summary":"A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to gain root privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00628,"ranking_epss":0.70262,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32415","summary":"This  issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.1154,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32420","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to cause unexpected system termination or read kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09277,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32422","summary":"This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/kb/HT213764","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/kb/HT213764","https://support.apple.com/kb/HT213844","https://support.apple.com/kb/HT213845"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32423","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00172,"ranking_epss":0.3848,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32373","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.1021,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-32373"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32376","summary":"This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.093,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32384","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing an image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.176,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32389","summary":"This  issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.1838,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32392","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06958,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32394","summary":"The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16306,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32398","summary":"A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16612,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32399","summary":"The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.12841,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32402","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.32085,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32403","summary":"This  issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06958,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765"],"published_time":"2023-06-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27930","summary":"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28191","summary":"This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01033,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28202","summary":"This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app firewall setting may not take effect after exiting the Settings app.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07577,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28204","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0007,"ranking_epss":0.2149,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://security.gentoo.org/glsa/202401-04","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213762","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213765","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28204"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32354","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09535,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32357","summary":"An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permission is revoked.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07051,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32368","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing a 3D model may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09535,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-32372","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. Processing an image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09535,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764","https://support.apple.com/en-us/HT213757","https://support.apple.com/en-us/HT213758","https://support.apple.com/en-us/HT213761","https://support.apple.com/en-us/HT213764"],"published_time":"2023-06-23T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27969","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00156,"ranking_epss":0.36317,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28181","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.4, macOS Big Sur 11.7.7, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16618,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213765","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213760","https://support.apple.com/en-us/HT213765"],"published_time":"2023-05-08T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27954","summary":"The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00189,"ranking_epss":0.40678,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213671","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213671","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27956","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20662,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27928","summary":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4, macOS Big Sur 11.7.5. An app may be able to access information about a user’s contacts.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.11044,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27929","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09535,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27931","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.3, tvOS 16.4, watchOS 9.4. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10518,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27932","summary":"This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01722,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213671","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213671","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27933","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app with root privileges may be able to execute arbitrary code with kernel privileges.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14563,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27937","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.1889,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27942","summary":"The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11285,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23527","summary":"The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A user may gain access to protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13309,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213677","https://support.apple.com/en-us/HT213678"],"published_time":"2023-05-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23528","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 16.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23855,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213676"],"published_time":"2023-05-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23535","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.6, tvOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06958,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213759","https://support.apple.com/en-us/HT213670","https://support.apple.com/en-us/HT213673","https://support.apple.com/en-us/HT213674","https://support.apple.com/en-us/HT213675","https://support.apple.com/en-us/HT213676","https://support.apple.com/en-us/HT213678","https://support.apple.com/en-us/HT213759"],"published_time":"2023-05-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23511","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26225,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23512","summary":"The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Visiting a website may lead to an app denial-of-service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0052,"ranking_epss":0.66864,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23517","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00213,"ranking_epss":0.43792,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213600","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213638","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213600","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213638"],"published_time":"2023-02-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23518","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00311,"ranking_epss":0.54295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213600","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213638","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213600","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213638"],"published_time":"2023-02-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23519","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing an image may lead to a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00516,"ranking_epss":0.66708,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23524","summary":"A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00416,"ranking_epss":0.61754,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213632","https://support.apple.com/en-us/HT213633","https://support.apple.com/en-us/HT213634","https://support.apple.com/en-us/HT213635","https://support.apple.com/en-us/HT213632","https://support.apple.com/en-us/HT213633","https://support.apple.com/en-us/HT213634","https://support.apple.com/en-us/HT213635"],"published_time":"2023-02-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23496","summary":"The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, watchOS 9.3, iOS 15.7.2 and iPadOS 15.7.2, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00681,"ranking_epss":0.71627,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213600","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213638","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213600","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213638"],"published_time":"2023-02-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23499","summary":"This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33794,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213603","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23500","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3. An app may be able to leak sensitive kernel state.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.34268,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213598","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213598","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23502","summary":"An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00147,"ranking_epss":0.35151,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23503","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23714,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213598","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213598","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-23504","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.40863,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213598","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606","https://support.apple.com/en-us/HT213598","https://support.apple.com/en-us/HT213599","https://support.apple.com/en-us/HT213601","https://support.apple.com/en-us/HT213604","https://support.apple.com/en-us/HT213605","https://support.apple.com/en-us/HT213606"],"published_time":"2023-02-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32891","summary":"The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00088,"ranking_epss":0.24994,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213442","https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213442","https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487"],"published_time":"2023-02-27T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32949","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34615,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213490","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213490"],"published_time":"2023-02-27T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46705","summary":"A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00123,"ranking_epss":0.31365,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2023/11/15/1","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213537","https://support.apple.com/kb/HT213531","https://support.apple.com/kb/HT213535","https://support.apple.com/kb/HT213536","https://support.apple.com/kb/HT213676","http://www.openwall.com/lists/oss-security/2023/11/15/1","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213537","https://support.apple.com/kb/HT213531","https://support.apple.com/kb/HT213535","https://support.apple.com/kb/HT213536","https://support.apple.com/kb/HT213676"],"published_time":"2023-02-27T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32824","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00169,"ranking_epss":0.3811,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213346"],"published_time":"2023-02-27T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32830","summary":"An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.6, iOS 15.6 and iPadOS 15.6. Processing a maliciously crafted image may lead to disclosure of user information.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00348,"ranking_epss":0.57352,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213346"],"published_time":"2023-02-27T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32844","summary":"A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05357,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213346"],"published_time":"2023-02-27T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46689","summary":"A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.85334,"ranking_epss":0.99366,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/24","http://seclists.org/fulldisclosure/2022/Dec/25","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213533","https://support.apple.com/en-us/HT213534","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/24","http://seclists.org/fulldisclosure/2022/Dec/25","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213533","https://support.apple.com/en-us/HT213534","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46690","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26099,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46691","summary":"A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00766,"ranking_epss":0.735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46692","summary":"A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02052,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/28","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537","https://support.apple.com/en-us/HT213538","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/28","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537","https://support.apple.com/en-us/HT213538"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46693","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing a maliciously crafted file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00239,"ranking_epss":0.46975,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213538","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213538"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46694","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2, watchOS 9.2. Parsing a maliciously crafted video file may lead to kernel code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00192,"ranking_epss":0.41049,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46695","summary":"A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00756,"ranking_epss":0.73297,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46696","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00406,"ranking_epss":0.61092,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46698","summary":"A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00791,"ranking_epss":0.73928,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537","https://support.apple.com/en-us/HT213538","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537","https://support.apple.com/en-us/HT213538"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46699","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00562,"ranking_epss":0.68344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46700","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00562,"ranking_epss":0.68344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46701","summary":"The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00215,"ranking_epss":0.44018,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535"],"published_time":"2022-12-15T19:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42855","summary":"A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.19963,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/170518/libCoreEntitlements-CEContextQuery-Arbitrary-Entitlement-Returns.html","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/24","http://seclists.org/fulldisclosure/2022/Dec/26","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213533","https://support.apple.com/en-us/HT213535","https://support.apple.com/kb/HT213536","http://packetstormsecurity.com/files/170518/libCoreEntitlements-CEContextQuery-Arbitrary-Entitlement-Returns.html","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/24","http://seclists.org/fulldisclosure/2022/Dec/26","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213533","https://support.apple.com/en-us/HT213535","https://support.apple.com/kb/HT213536"],"published_time":"2022-12-15T19:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42856","summary":"A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00259,"ranking_epss":0.49257,"kev":true,"propose_action":"Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution.","ransomware_campaign":"Unknown","references":["http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/22","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/28","http://www.openwall.com/lists/oss-security/2022/12/26/1","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213516","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213537","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/22","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/28","http://www.openwall.com/lists/oss-security/2022/12/26/1","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213516","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213537","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42856"],"published_time":"2022-12-15T19:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42863","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00831,"ranking_epss":0.74578,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","http://www.openwall.com/lists/oss-security/2022/12/26/1","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","http://www.openwall.com/lists/oss-security/2022/12/26/1","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537"],"published_time":"2022-12-15T19:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42864","summary":"A race condition was addressed with improved state handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.04025,"ranking_epss":0.88486,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/24","http://seclists.org/fulldisclosure/2022/Dec/25","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213533","https://support.apple.com/en-us/HT213534","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/24","http://seclists.org/fulldisclosure/2022/Dec/25","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213533","https://support.apple.com/en-us/HT213534","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536"],"published_time":"2022-12-15T19:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42865","summary":"This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/kb/HT213534","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/kb/HT213534"],"published_time":"2022-12-15T19:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42866","summary":"The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to read sensitive location information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26499,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536"],"published_time":"2022-12-15T19:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42867","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.05716,"ranking_epss":0.90442,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","http://www.openwall.com/lists/oss-security/2022/12/26/1","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","http://www.openwall.com/lists/oss-security/2022/12/26/1","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537"],"published_time":"2022-12-15T19:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42845","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app with root privileges may be able to execute arbitrary code with kernel privileges.","cvss":7.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.2,"cvss_v4":null,"epss":0.01453,"ranking_epss":0.80832,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/24","http://seclists.org/fulldisclosure/2022/Dec/25","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213533","https://support.apple.com/en-us/HT213534","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/24","http://seclists.org/fulldisclosure/2022/Dec/25","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213533","https://support.apple.com/en-us/HT213534","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536"],"published_time":"2022-12-15T19:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42848","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00283,"ranking_epss":0.51777,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/26","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213535","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/26","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213535"],"published_time":"2022-12-15T19:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42849","summary":"An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00089,"ranking_epss":0.25227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536"],"published_time":"2022-12-15T19:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42851","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2. Parsing a maliciously crafted TIFF file may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.34268,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/26","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213535","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/26","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213535"],"published_time":"2022-12-15T19:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42852","summary":"The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0069,"ranking_epss":0.71817,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","http://seclists.org/fulldisclosure/2022/Dec/28","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213531","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","https://support.apple.com/en-us/HT213537"],"published_time":"2022-12-15T19:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42842","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. A remote user may be able to cause kernel code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.04146,"ranking_epss":0.88674,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/24","http://seclists.org/fulldisclosure/2022/Dec/25","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213533","https://support.apple.com/en-us/HT213534","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/24","http://seclists.org/fulldisclosure/2022/Dec/25","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213533","https://support.apple.com/en-us/HT213534","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536"],"published_time":"2022-12-15T19:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42843","summary":"This issue was addressed with improved data protection. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. A user may be able to view sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26249,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536","http://seclists.org/fulldisclosure/2022/Dec/20","http://seclists.org/fulldisclosure/2022/Dec/23","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://support.apple.com/en-us/HT213530","https://support.apple.com/en-us/HT213532","https://support.apple.com/en-us/HT213535","https://support.apple.com/en-us/HT213536"],"published_time":"2022-12-15T19:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-40304","summary":"An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00219,"ranking_epss":0.44529,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/24","http://seclists.org/fulldisclosure/2022/Dec/25","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b","https://gitlab.gnome.org/GNOME/libxml2/-/tags","https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3","https://security.netapp.com/advisory/ntap-20221209-0003/","https://support.apple.com/kb/HT213531","https://support.apple.com/kb/HT213533","https://support.apple.com/kb/HT213534","https://support.apple.com/kb/HT213535","https://support.apple.com/kb/HT213536","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/24","http://seclists.org/fulldisclosure/2022/Dec/25","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b","https://gitlab.gnome.org/GNOME/libxml2/-/tags","https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3","https://security.netapp.com/advisory/ntap-20221209-0003/","https://support.apple.com/kb/HT213531","https://support.apple.com/kb/HT213533","https://support.apple.com/kb/HT213534","https://support.apple.com/kb/HT213535","https://support.apple.com/kb/HT213536"],"published_time":"2022-11-23T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-40303","summary":"An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00181,"ranking_epss":0.39671,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/24","http://seclists.org/fulldisclosure/2022/Dec/25","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0","https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3","https://security.netapp.com/advisory/ntap-20221209-0003/","https://support.apple.com/kb/HT213531","https://support.apple.com/kb/HT213533","https://support.apple.com/kb/HT213534","https://support.apple.com/kb/HT213535","https://support.apple.com/kb/HT213536","http://seclists.org/fulldisclosure/2022/Dec/21","http://seclists.org/fulldisclosure/2022/Dec/24","http://seclists.org/fulldisclosure/2022/Dec/25","http://seclists.org/fulldisclosure/2022/Dec/26","http://seclists.org/fulldisclosure/2022/Dec/27","https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0","https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3","https://security.netapp.com/advisory/ntap-20221209-0003/","https://support.apple.com/kb/HT213531","https://support.apple.com/kb/HT213533","https://support.apple.com/kb/HT213534","https://support.apple.com/kb/HT213535","https://support.apple.com/kb/HT213536"],"published_time":"2022-11-23T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42823","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00714,"ranking_epss":0.7236,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/11/04/4","https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213495","https://www.debian.org/security/2022/dsa-5273","https://www.debian.org/security/2022/dsa-5274","http://www.openwall.com/lists/oss-security/2022/11/04/4","https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213495","https://www.debian.org/security/2022/dsa-5273","https://www.debian.org/security/2022/dsa-5274"],"published_time":"2022-11-01T20:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42824","summary":"A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09458,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/11/04/4","https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213495","https://www.debian.org/security/2022/dsa-5273","https://www.debian.org/security/2022/dsa-5274","http://www.openwall.com/lists/oss-security/2022/11/04/4","https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213495","https://www.debian.org/security/2022/dsa-5273","https://www.debian.org/security/2022/dsa-5274"],"published_time":"2022-11-01T20:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42825","summary":"This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00098,"ranking_epss":0.26916,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213493","https://support.apple.com/en-us/HT213494","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213493","https://support.apple.com/en-us/HT213494"],"published_time":"2022-11-01T20:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42801","summary":"A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00238,"ranking_epss":0.4696,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/170011/XNU-vm_object-Use-After-Free.html","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213490","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213494","http://packetstormsecurity.com/files/170011/XNU-vm_object-Use-After-Free.html","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213490","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213494"],"published_time":"2022-11-01T20:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42803","summary":"A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00201,"ranking_epss":0.42142,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213490","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213494","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213490","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213494"],"published_time":"2022-11-01T20:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42808","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. A remote user may be able to cause kernel code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02593,"ranking_epss":0.85621,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492"],"published_time":"2022-11-01T20:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42810","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing a maliciously crafted USD file may disclose memory contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21042,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213490","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213490","https://support.apple.com/en-us/HT213492"],"published_time":"2022-11-01T20:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42811","summary":"An access issue was addressed with additional sandbox restrictions. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to access user-sensitive data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00072,"ranking_epss":0.21735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492"],"published_time":"2022-11-01T20:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42813","summary":"A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. Processing a maliciously crafted certificate may lead to arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00709,"ranking_epss":0.72243,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492"],"published_time":"2022-11-01T20:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42795","summary":"A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 16, iOS 16, macOS Ventura 13, watchOS 9. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00844,"ranking_epss":0.74799,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213488"],"published_time":"2022-11-01T20:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42798","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. Parsing a maliciously crafted audio file may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27654,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213490","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213493","https://support.apple.com/en-us/HT213494","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213490","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213493","https://support.apple.com/en-us/HT213494"],"published_time":"2022-11-01T20:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-42799","summary":"The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00523,"ranking_epss":0.66951,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/11/04/4","https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213495","https://www.debian.org/security/2022/dsa-5273","https://www.debian.org/security/2022/dsa-5274","http://www.openwall.com/lists/oss-security/2022/11/04/4","https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213495","https://www.debian.org/security/2022/dsa-5273","https://www.debian.org/security/2022/dsa-5274"],"published_time":"2022-11-01T20:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32940","summary":"The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.2338,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492"],"published_time":"2022-11-01T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32944","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00369,"ranking_epss":0.58824,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213490","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213493","https://support.apple.com/en-us/HT213494","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213490","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213493","https://support.apple.com/en-us/HT213494"],"published_time":"2022-11-01T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32907","summary":"This issue was addressed with improved checks. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00136,"ranking_epss":0.33334,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/169930/AppleAVD-AppleAVDUserClient-decodeFrameFig-Memory-Corruption.html","https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","http://packetstormsecurity.com/files/169930/AppleAVD-AppleAVDUserClient-decodeFrameFig-Memory-Corruption.html","https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487"],"published_time":"2022-11-01T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32913","summary":"The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. A sandboxed app may be able to determine which app is currently using the camera.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00111,"ranking_epss":0.29467,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213488"],"published_time":"2022-11-01T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32914","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00286,"ranking_epss":0.52086,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213488"],"published_time":"2022-11-01T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32923","summary":"A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00268,"ranking_epss":0.50258,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/11/04/4","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213490","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213495","http://www.openwall.com/lists/oss-security/2022/11/04/4","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213490","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213495"],"published_time":"2022-11-01T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32924","summary":"The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00283,"ranking_epss":0.51778,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/170010/XNU-Dangling-PTE-Entry.html","https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","http://packetstormsecurity.com/files/170010/XNU-Dangling-PTE-Entry.html","https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492"],"published_time":"2022-11-01T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32925","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to cause unexpected system termination or write kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.1885,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487"],"published_time":"2022-11-01T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32926","summary":"The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16. An app with root privileges may be able to execute arbitrary code with kernel privileges.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00169,"ranking_epss":0.38125,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213490","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213489","https://support.apple.com/en-us/HT213490","https://support.apple.com/en-us/HT213491","https://support.apple.com/en-us/HT213492"],"published_time":"2022-11-01T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32866","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00238,"ranking_epss":0.46938,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213488"],"published_time":"2022-11-01T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32879","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, tvOS 16. A user with physical access to a device may be able to access contacts from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26642,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213445","https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213445","https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213488"],"published_time":"2022-11-01T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32881","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29279,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213488","https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213488"],"published_time":"2022-11-01T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32888","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00794,"ranking_epss":0.73973,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/11/04/4","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213445","https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213488","http://www.openwall.com/lists/oss-security/2022/11/04/4","https://security.gentoo.org/glsa/202305-32","https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213445","https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213488"],"published_time":"2022-11-01T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32903","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00122,"ranking_epss":0.31243,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487","https://support.apple.com/en-us/HT213446","https://support.apple.com/en-us/HT213486","https://support.apple.com/en-us/HT213487"],"published_time":"2022-11-01T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26709","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00201,"ranking_epss":0.42127,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213260","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213260"],"published_time":"2022-11-01T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26710","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00239,"ranking_epss":0.46983,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-11-01T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26716","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00176,"ranking_epss":0.39053,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213260","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213260"],"published_time":"2022-11-01T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26717","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00974,"ranking_epss":0.7671,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213259","https://support.apple.com/en-us/HT213260","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213259","https://support.apple.com/en-us/HT213260"],"published_time":"2022-11-01T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26719","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00348,"ranking_epss":0.57359,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213260","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213260"],"published_time":"2022-11-01T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22629","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.21722,"ranking_epss":0.95757,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213187","https://support.apple.com/en-us/HT213188","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213187","https://support.apple.com/en-us/HT213188","https://support.apple.com/en-us/HT213193"],"published_time":"2022-09-23T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32814","summary":"A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00252,"ranking_epss":0.48572,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/kb/HT213344","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/kb/HT213344"],"published_time":"2022-09-23T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32820","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00162,"ranking_epss":0.37073,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32821","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37941,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32823","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00112,"ranking_epss":0.296,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32825","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00156,"ranking_epss":0.36294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32826","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22039,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32828","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12426,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32832","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.08902,"ranking_epss":0.92581,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32841","summary":"The issue was addressed with improved memory handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted image may result in disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00253,"ranking_epss":0.48674,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32847","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. A remote user may be able to cause unexpected system termination or corrupt kernel memory.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00819,"ranking_epss":0.74406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32849","summary":"An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/kb/HT213488","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/kb/HT213488"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32787","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0068,"ranking_epss":0.7161,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32790","summary":"This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01709,"ranking_epss":0.82361,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32792","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00295,"ranking_epss":0.528,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213341","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213341","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32815","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0025,"ranking_epss":0.48309,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32816","summary":"The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0009,"ranking_epss":0.25442,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32817","summary":"An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29242,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32819","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00127,"ranking_epss":0.32041,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22628","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00211,"ranking_epss":0.4359,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213187","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213187","https://support.apple.com/en-us/HT213193"],"published_time":"2022-09-23T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22637","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00239,"ranking_epss":0.46985,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213187","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213187","https://support.apple.com/en-us/HT213193"],"published_time":"2022-09-23T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26700","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00134,"ranking_epss":0.33091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213260","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213260"],"published_time":"2022-09-23T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-36521","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00142,"ranking_epss":0.34477,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211846","https://support.apple.com/en-us/HT211847","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211952","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211846","https://support.apple.com/en-us/HT211847","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211952"],"published_time":"2022-09-23T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22610","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00961,"ranking_epss":0.76522,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213187","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213187","https://support.apple.com/en-us/HT213193"],"published_time":"2022-09-23T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32908","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. A user may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00132,"ranking_epss":0.32719,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Oct/28","http://seclists.org/fulldisclosure/2022/Oct/39","http://seclists.org/fulldisclosure/2022/Oct/41","https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213445","https://support.apple.com/en-us/HT213446","https://support.apple.com/kb/HT213486","https://support.apple.com/kb/HT213487","https://support.apple.com/kb/HT213488","http://seclists.org/fulldisclosure/2022/Oct/28","http://seclists.org/fulldisclosure/2022/Oct/39","http://seclists.org/fulldisclosure/2022/Oct/41","https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213445","https://support.apple.com/en-us/HT213446","https://support.apple.com/kb/HT213486","https://support.apple.com/kb/HT213487","https://support.apple.com/kb/HT213488"],"published_time":"2022-09-20T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32911","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00237,"ranking_epss":0.46792,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Oct/28","http://seclists.org/fulldisclosure/2022/Oct/39","http://seclists.org/fulldisclosure/2022/Oct/41","https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213445","https://support.apple.com/en-us/HT213446","https://support.apple.com/kb/HT213486","https://support.apple.com/kb/HT213487","https://support.apple.com/kb/HT213488","http://seclists.org/fulldisclosure/2022/Oct/28","http://seclists.org/fulldisclosure/2022/Oct/39","http://seclists.org/fulldisclosure/2022/Oct/41","https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213445","https://support.apple.com/en-us/HT213446","https://support.apple.com/kb/HT213486","https://support.apple.com/kb/HT213487","https://support.apple.com/kb/HT213488"],"published_time":"2022-09-20T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32788","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. A remote user may be able to cause kernel code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00943,"ranking_epss":0.76317,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-20T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32802","summary":"A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.24826,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-20T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32864","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.24858,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Oct/28","http://seclists.org/fulldisclosure/2022/Oct/39","http://seclists.org/fulldisclosure/2022/Oct/40","http://seclists.org/fulldisclosure/2022/Oct/41","http://seclists.org/fulldisclosure/2022/Oct/43","http://seclists.org/fulldisclosure/2022/Oct/45","http://seclists.org/fulldisclosure/2022/Oct/47","http://seclists.org/fulldisclosure/2022/Oct/49","https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213445","https://support.apple.com/en-us/HT213446","https://support.apple.com/kb/HT213486","https://support.apple.com/kb/HT213487","https://support.apple.com/kb/HT213488","http://seclists.org/fulldisclosure/2022/Oct/28","http://seclists.org/fulldisclosure/2022/Oct/39","http://seclists.org/fulldisclosure/2022/Oct/40","http://seclists.org/fulldisclosure/2022/Oct/41","http://seclists.org/fulldisclosure/2022/Oct/43","http://seclists.org/fulldisclosure/2022/Oct/45","http://seclists.org/fulldisclosure/2022/Oct/47","http://seclists.org/fulldisclosure/2022/Oct/49","https://support.apple.com/en-us/HT213443","https://support.apple.com/en-us/HT213444","https://support.apple.com/en-us/HT213445","https://support.apple.com/en-us/HT213446","https://support.apple.com/kb/HT213486","https://support.apple.com/kb/HT213487","https://support.apple.com/kb/HT213488"],"published_time":"2022-09-20T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32839","summary":"The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A remote user may cause an unexpected app termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02412,"ranking_epss":0.8512,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-08-24T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32857","summary":"This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A user in a privileged network position can track a user’s activity.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.23289,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-08-24T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32793","summary":"Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00461,"ranking_epss":0.64164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/kb/HT213446","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/kb/HT213446"],"published_time":"2022-08-24T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32813","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. An app with root privileges may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00152,"ranking_epss":0.35903,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-08-24T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32837","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.0966,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/kb/HT213343","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/kb/HT213343"],"published_time":"2022-08-24T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-2294","summary":"Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01165,"ranking_epss":0.7864,"kev":true,"propose_action":"WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.","ransomware_campaign":"Known","references":["http://www.openwall.com/lists/oss-security/2022/07/28/2","https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html","https://crbug.com/1341043","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/","https://security.gentoo.org/glsa/202208-35","https://security.gentoo.org/glsa/202208-39","https://security.gentoo.org/glsa/202311-11","http://www.openwall.com/lists/oss-security/2022/07/28/2","https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html","https://crbug.com/1341043","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/","https://security.gentoo.org/glsa/202208-35","https://security.gentoo.org/glsa/202208-39","https://security.gentoo.org/glsa/202311-11","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2294"],"published_time":"2022-07-28T02:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26757","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.06703,"ranking_epss":0.91275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/167517/XNU-Flow-Divert-Race-Condition-Use-After-Free.html","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","http://packetstormsecurity.com/files/167517/XNU-Flow-Divert-Race-Condition-Use-After-Free.html","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-05-26T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26763","summary":"An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.19484,"ranking_epss":0.95409,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-05-26T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26764","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.","cvss":4.7,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00342,"ranking_epss":0.56889,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-05-26T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26765","summary":"A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.","cvss":4.7,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18287,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-05-26T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26766","summary":"A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01964,"ranking_epss":0.83551,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-05-26T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26768","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00831,"ranking_epss":0.74582,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Jul/12","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/kb/HT213346","http://seclists.org/fulldisclosure/2022/Jul/12","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/kb/HT213346"],"published_time":"2022-05-26T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26771","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00257,"ranking_epss":0.49079,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213258"],"published_time":"2022-05-26T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26739","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00292,"ranking_epss":0.52629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-05-26T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26740","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00292,"ranking_epss":0.52629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-05-26T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26738","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00292,"ranking_epss":0.52629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-05-26T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26702","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00602,"ranking_epss":0.69547,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2023/Mar/21","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213258","https://support.apple.com/kb/HT213675","http://seclists.org/fulldisclosure/2023/Mar/21","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213258","https://support.apple.com/kb/HT213675"],"published_time":"2022-05-26T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26706","summary":"An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01243,"ranking_epss":0.79284,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-05-26T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26711","summary":"An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02178,"ranking_epss":0.84363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213259","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213259"],"published_time":"2022-05-26T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26724","summary":"An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.1277,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213254"],"published_time":"2022-05-26T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26736","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00271,"ranking_epss":0.5061,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-05-26T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26737","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00292,"ranking_epss":0.52629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-05-26T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26701","summary":"A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.6,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00438,"ranking_epss":0.63118,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-05-26T19:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22675","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01094,"ranking_epss":0.78006,"kev":true,"propose_action":"macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213219","https://support.apple.com/en-us/HT213220","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213219","https://support.apple.com/en-us/HT213220","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213256","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22675"],"published_time":"2022-05-26T18:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-1622","summary":"LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00104,"ranking_epss":0.28338,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Oct/28","http://seclists.org/fulldisclosure/2022/Oct/39","http://seclists.org/fulldisclosure/2022/Oct/41","https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json","https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a","https://gitlab.com/libtiff/libtiff/-/issues/410","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXAFOP6QQRNZD3HPZ6BMCEZZOM4YIZMK/","https://security.netapp.com/advisory/ntap-20220616-0005/","https://support.apple.com/kb/HT213443","https://support.apple.com/kb/HT213444","https://support.apple.com/kb/HT213446","https://support.apple.com/kb/HT213486","https://support.apple.com/kb/HT213487","https://support.apple.com/kb/HT213488","http://seclists.org/fulldisclosure/2022/Oct/28","http://seclists.org/fulldisclosure/2022/Oct/39","http://seclists.org/fulldisclosure/2022/Oct/41","https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json","https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a","https://gitlab.com/libtiff/libtiff/-/issues/410","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXAFOP6QQRNZD3HPZ6BMCEZZOM4YIZMK/","https://security.netapp.com/advisory/ntap-20220616-0005/","https://support.apple.com/kb/HT213443","https://support.apple.com/kb/HT213444","https://support.apple.com/kb/HT213446","https://support.apple.com/kb/HT213486","https://support.apple.com/kb/HT213487","https://support.apple.com/kb/HT213488"],"published_time":"2022-05-11T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22666","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00266,"ranking_epss":0.50085,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/167144/AppleVideoDecoder-CreateHeaderBuffer-Out-Of-Bounds-Free.html","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193","http://packetstormsecurity.com/files/167144/AppleVideoDecoder-CreateHeaderBuffer-Out-Of-Bounds-Free.html","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193"],"published_time":"2022-03-18T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22670","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed.","cvss":3.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00232,"ranking_epss":0.4606,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193"],"published_time":"2022-03-18T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22632","summary":"A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00871,"ranking_epss":0.75232,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193"],"published_time":"2022-03-18T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22633","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00243,"ranking_epss":0.47645,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213193","https://support.apple.com/kb/HT213186","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213193","https://support.apple.com/kb/HT213186"],"published_time":"2022-03-18T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22634","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00307,"ranking_epss":0.5393,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213186"],"published_time":"2022-03-18T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22635","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to gain elevated privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00528,"ranking_epss":0.67194,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213186"],"published_time":"2022-03-18T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22636","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00213,"ranking_epss":0.43831,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213186"],"published_time":"2022-03-18T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22638","summary":"A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01019,"ranking_epss":0.77243,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193"],"published_time":"2022-03-18T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22640","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00256,"ranking_epss":0.49042,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193"],"published_time":"2022-03-18T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22641","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00851,"ranking_epss":0.74917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186"],"published_time":"2022-03-18T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22600","summary":"The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01528,"ranking_epss":0.81332,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193"],"published_time":"2022-03-18T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22609","summary":"The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00256,"ranking_epss":0.4903,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193"],"published_time":"2022-03-18T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22611","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00568,"ranking_epss":0.68553,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213188","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213188","https://support.apple.com/en-us/HT213193"],"published_time":"2022-03-18T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22612","summary":"A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00285,"ranking_epss":0.51903,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213188","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213188","https://support.apple.com/en-us/HT213193"],"published_time":"2022-03-18T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22613","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00619,"ranking_epss":0.70043,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193"],"published_time":"2022-03-18T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22614","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00763,"ranking_epss":0.73413,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193"],"published_time":"2022-03-18T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22615","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00763,"ranking_epss":0.73413,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193"],"published_time":"2022-03-18T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22621","summary":"This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.","cvss":4.6,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00072,"ranking_epss":0.21783,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193"],"published_time":"2022-03-18T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22578","summary":"A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00299,"ranking_epss":0.53266,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213059","https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213059"],"published_time":"2022-03-18T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22579","summary":"An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.003,"ranking_epss":0.5339,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213055","https://support.apple.com/en-us/HT213056","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213055","https://support.apple.com/en-us/HT213056","https://support.apple.com/en-us/HT213057"],"published_time":"2022-03-18T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22584","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00452,"ranking_epss":0.6376,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213059","https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213059"],"published_time":"2022-03-18T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22585","summary":"An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00572,"ranking_epss":0.68689,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213055","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213059","https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213055","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213059"],"published_time":"2022-03-18T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22589","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00788,"ranking_epss":0.73878,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","https://security.gentoo.org/glsa/202208-39","https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213058","https://support.apple.com/en-us/HT213059","https://support.apple.com/kb/HT213185","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","https://security.gentoo.org/glsa/202208-39","https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213058","https://support.apple.com/en-us/HT213059","https://support.apple.com/kb/HT213185","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256"],"published_time":"2022-03-18T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22590","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00401,"ranking_epss":0.60797,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202208-39","https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213058","https://support.apple.com/en-us/HT213059","https://security.gentoo.org/glsa/202208-39","https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213058","https://support.apple.com/en-us/HT213059"],"published_time":"2022-03-18T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22592","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00178,"ranking_epss":0.39317,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202208-39","https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213058","https://support.apple.com/en-us/HT213059","https://security.gentoo.org/glsa/202208-39","https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213058","https://support.apple.com/en-us/HT213059"],"published_time":"2022-03-18T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22593","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01694,"ranking_epss":0.82293,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213055","https://support.apple.com/en-us/HT213056","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213059","https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213055","https://support.apple.com/en-us/HT213056","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213059"],"published_time":"2022-03-18T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22594","summary":"A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00216,"ranking_epss":0.44157,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213058","https://support.apple.com/en-us/HT213059","https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213058","https://support.apple.com/en-us/HT213059"],"published_time":"2022-03-18T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30771","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6, watchOS 7.5, tvOS 14.6. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00406,"ranking_epss":0.61092,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2022-03-18T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26981","summary":"Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00367,"ranking_epss":0.58684,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Jul/12","http://seclists.org/fulldisclosure/2022/Jul/15","http://seclists.org/fulldisclosure/2022/Jul/16","http://seclists.org/fulldisclosure/2022/Jul/18","https://github.com/liblouis/liblouis/issues/1171","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFD2KIHESDUCNWTEW3USFB5GKTWT624L/","https://security.gentoo.org/glsa/202301-06","https://support.apple.com/kb/HT213340","https://support.apple.com/kb/HT213342","https://support.apple.com/kb/HT213345","https://support.apple.com/kb/HT213346","http://seclists.org/fulldisclosure/2022/Jul/12","http://seclists.org/fulldisclosure/2022/Jul/15","http://seclists.org/fulldisclosure/2022/Jul/16","http://seclists.org/fulldisclosure/2022/Jul/18","https://github.com/liblouis/liblouis/issues/1171","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFD2KIHESDUCNWTEW3USFB5GKTWT624L/","https://security.gentoo.org/glsa/202301-06","https://support.apple.com/kb/HT213340","https://support.apple.com/kb/HT213342","https://support.apple.com/kb/HT213345","https://support.apple.com/kb/HT213346"],"published_time":"2022-03-13T18:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-23308","summary":"valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.","cvss":7.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15393,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/34","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/36","http://seclists.org/fulldisclosure/2022/May/37","http://seclists.org/fulldisclosure/2022/May/38","https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e","https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS","https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/","https://security.gentoo.org/glsa/202210-03","https://security.netapp.com/advisory/ntap-20220331-0008/","https://support.apple.com/kb/HT213253","https://support.apple.com/kb/HT213254","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://support.apple.com/kb/HT213258","https://www.oracle.com/security-alerts/cpujul2022.html","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/34","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/36","http://seclists.org/fulldisclosure/2022/May/37","http://seclists.org/fulldisclosure/2022/May/38","https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e","https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS","https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/","https://security.gentoo.org/glsa/202210-03","https://security.netapp.com/advisory/ntap-20220331-0008/","https://support.apple.com/kb/HT213253","https://support.apple.com/kb/HT213254","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://support.apple.com/kb/HT213258","https://www.oracle.com/security-alerts/cpujul2022.html"],"published_time":"2022-02-26T05:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-21658","summary":"Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability with 1.58.1 containing a patch. Note that the following build targets don't have usable APIs to properly mitigate the attack, and are thus still vulnerable even with a patched toolchain: macOS before version 10.10 (Yosemite) and REDOX. We recommend everyone to update to Rust 1.58.1 as soon as possible, especially people developing programs expected to run in privileged contexts (including system daemons and setuid binaries), as those have the highest risk of being affected by this. Note that adding checks in your codebase before calling remove_dir_all will not mitigate the vulnerability, as they would also be vulnerable to race conditions like remove_dir_all itself. The existing mitigation is working as intended outside of race conditions.","cvss":7.3,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00906,"ranking_epss":0.7578,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html","https://github.com/rust-lang/rust/pull/93110","https://github.com/rust-lang/rust/pull/93110/commits/32ed6e599bb4722efefd78bbc9cd7ec4613cb946","https://github.com/rust-lang/rust/pull/93110/commits/406cc071d6cfdfdb678bf3d83d766851de95abaf","https://github.com/rust-lang/rust/pull/93110/commits/4f0ad1c92ca08da6e8dc17838070975762f59714","https://github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JKZDTBMGAWIFJSNWKBMPO5EAKRR4BEW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BK32QZLHDC2OVLPKTUHNT2G3VHWHD4LX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63NH72Q7UHJM5V3IVYRI7LVBGGFQMSQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKGTACKMKAPRDPWPTU26GYWBELIRFF5N/","https://security.gentoo.org/glsa/202210-09","https://support.apple.com/kb/HT213182","https://support.apple.com/kb/HT213183","https://support.apple.com/kb/HT213186","https://support.apple.com/kb/HT213193","https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html","https://github.com/rust-lang/rust/pull/93110","https://github.com/rust-lang/rust/pull/93110/commits/32ed6e599bb4722efefd78bbc9cd7ec4613cb946","https://github.com/rust-lang/rust/pull/93110/commits/406cc071d6cfdfdb678bf3d83d766851de95abaf","https://github.com/rust-lang/rust/pull/93110/commits/4f0ad1c92ca08da6e8dc17838070975762f59714","https://github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JKZDTBMGAWIFJSNWKBMPO5EAKRR4BEW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BK32QZLHDC2OVLPKTUHNT2G3VHWHD4LX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63NH72Q7UHJM5V3IVYRI7LVBGGFQMSQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKGTACKMKAPRDPWPTU26GYWBELIRFF5N/","https://security.gentoo.org/glsa/202210-09","https://support.apple.com/kb/HT213182","https://support.apple.com/kb/HT213183","https://support.apple.com/kb/HT213186","https://support.apple.com/kb/HT213193"],"published_time":"2022-01-20T18:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13905","summary":"A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges.","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00607,"ranking_epss":0.69701,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT208325","https://support.apple.com/en-us/HT208327","https://support.apple.com/en-us/HT208331","https://support.apple.com/en-us/HT208334","https://support.apple.com/en-us/HT208325","https://support.apple.com/en-us/HT208327","https://support.apple.com/en-us/HT208331","https://support.apple.com/en-us/HT208334"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8702","summary":"This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18905,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210346","https://support.apple.com/en-us/HT210348","https://support.apple.com/en-us/HT210351","https://support.apple.com/en-us/HT210346","https://support.apple.com/en-us/HT210348","https://support.apple.com/en-us/HT210351"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8703","summary":"This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00868,"ranking_epss":0.75199,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30823","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00173,"ranking_epss":0.38658,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2021/12/20/6","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212816","https://support.apple.com/en-us/HT212819","https://support.apple.com/en-us/HT212869","https://support.apple.com/kb/HT212953","http://www.openwall.com/lists/oss-security/2021/12/20/6","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212816","https://support.apple.com/en-us/HT212819","https://support.apple.com/en-us/HT212869","https://support.apple.com/kb/HT212953"],"published_time":"2021-10-28T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30831","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00244,"ranking_epss":0.47671,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869"],"published_time":"2021-10-28T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30834","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00344,"ranking_epss":0.57017,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/en-us/HT212871","https://support.apple.com/kb/HT212804","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/en-us/HT212871","https://support.apple.com/kb/HT212804"],"published_time":"2021-10-28T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30836","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may disclose restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00123,"ranking_epss":0.31427,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2021/12/20/6","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212816","https://support.apple.com/kb/HT212869","http://www.openwall.com/lists/oss-security/2021/12/20/6","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212816","https://support.apple.com/kb/HT212869"],"published_time":"2021-10-28T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30840","summary":"This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted dfont file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00376,"ranking_epss":0.59203,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869"],"published_time":"2021-10-28T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30808","summary":"This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A malicious application may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00289,"ranking_epss":0.52395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869"],"published_time":"2021-10-28T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30809","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00387,"ranking_epss":0.59873,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2021/12/20/6","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212816","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869","http://www.openwall.com/lists/oss-security/2021/12/20/6","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212816","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869"],"published_time":"2021-10-28T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30814","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00634,"ranking_epss":0.70407,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869","https://support.apple.com/kb/HT212953","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869","https://support.apple.com/kb/HT212953"],"published_time":"2021-10-28T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30818","summary":"A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00433,"ranking_epss":0.62739,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2021/12/20/6","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212816","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869","http://www.openwall.com/lists/oss-security/2021/12/20/6","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212816","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869"],"published_time":"2021-10-28T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30835","summary":"This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00402,"ranking_epss":0.60841,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212817","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212804","https://support.apple.com/kb/HT212953","http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212817","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212804","https://support.apple.com/kb/HT212953"],"published_time":"2021-10-19T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30837","summary":"A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00383,"ranking_epss":0.59644,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819"],"published_time":"2021-10-19T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30841","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0027,"ranking_epss":0.50524,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819"],"published_time":"2021-10-19T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30842","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0027,"ranking_epss":0.50524,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819"],"published_time":"2021-10-19T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30843","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0027,"ranking_epss":0.50524,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819"],"published_time":"2021-10-19T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30846","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00503,"ranking_epss":0.66113,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Oct/60","http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","http://www.openwall.com/lists/oss-security/2021/10/26/9","http://www.openwall.com/lists/oss-security/2021/10/27/1","http://www.openwall.com/lists/oss-security/2021/10/27/2","http://www.openwall.com/lists/oss-security/2021/10/27/4","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212816","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869","https://www.debian.org/security/2021/dsa-4995","https://www.debian.org/security/2021/dsa-4996","http://seclists.org/fulldisclosure/2021/Oct/60","http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","http://www.openwall.com/lists/oss-security/2021/10/26/9","http://www.openwall.com/lists/oss-security/2021/10/27/1","http://www.openwall.com/lists/oss-security/2021/10/27/2","http://www.openwall.com/lists/oss-security/2021/10/27/4","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212816","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869","https://www.debian.org/security/2021/dsa-4995","https://www.debian.org/security/2021/dsa-4996"],"published_time":"2021-10-19T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30847","summary":"This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00402,"ranking_epss":0.60841,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212817","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212807","https://support.apple.com/kb/HT212953","http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212817","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212807","https://support.apple.com/kb/HT212953"],"published_time":"2021-10-19T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30849","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00257,"ranking_epss":0.49062,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Oct/60","http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","http://www.openwall.com/lists/oss-security/2021/10/26/9","http://www.openwall.com/lists/oss-security/2021/10/27/1","http://www.openwall.com/lists/oss-security/2021/10/27/2","http://www.openwall.com/lists/oss-security/2021/10/27/4","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212816","https://support.apple.com/en-us/HT212817","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869","https://support.apple.com/kb/HT212953","http://seclists.org/fulldisclosure/2021/Oct/60","http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","http://www.openwall.com/lists/oss-security/2021/10/26/9","http://www.openwall.com/lists/oss-security/2021/10/27/1","http://www.openwall.com/lists/oss-security/2021/10/27/2","http://www.openwall.com/lists/oss-security/2021/10/27/4","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212816","https://support.apple.com/en-us/HT212817","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869","https://support.apple.com/kb/HT212953"],"published_time":"2021-10-19T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30850","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00222,"ranking_epss":0.44869,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212815","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212815"],"published_time":"2021-10-19T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30810","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.","cvss":4.3,"cvss_version":3.0,"cvss_v2":2.9,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00147,"ranking_epss":0.35129,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819"],"published_time":"2021-10-19T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30697","summary":"A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local user may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.1888,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30700","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00444,"ranking_epss":0.63385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30701","summary":"This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00727,"ranking_epss":0.72644,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30703","summary":"A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0032,"ranking_epss":0.55128,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212603"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30704","summary":"A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00361,"ranking_epss":0.58233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30705","summary":"This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted ASTC file may disclose memory contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00259,"ranking_epss":0.4929,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30706","summary":"Processing a maliciously crafted image may lead to disclosure of user information. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. This issue was addressed with improved checks.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00269,"ranking_epss":0.50438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30707","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01204,"ranking_epss":0.78961,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30710","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00238,"ranking_epss":0.4688,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30715","summary":"A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00653,"ranking_epss":0.70926,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30677","summary":"This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to break out of its sandbox.","cvss":8.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29314,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212603","https://support.apple.com/kb/HT212602","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212603","https://support.apple.com/kb/HT212602"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30682","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00369,"ranking_epss":0.58834,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212534","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212534"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30685","summary":"This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Parsing a maliciously crafted audio file may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00296,"ranking_epss":0.52937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30686","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted audio file may disclose restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00296,"ranking_epss":0.52937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30687","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00394,"ranking_epss":0.60351,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30689","summary":"A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.01123,"ranking_epss":0.78279,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212534","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212534"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30660","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to disclose kernel memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00602,"ranking_epss":0.69519,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325"],"published_time":"2021-09-08T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30661","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00115,"ranking_epss":0.30016,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212318","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212341","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212318","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212341","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30661"],"published_time":"2021-09-08T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30663","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00677,"ranking_epss":0.71536,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT212335","https://support.apple.com/en-us/HT212336","https://support.apple.com/en-us/HT212341","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212534","https://support.apple.com/en-us/HT212335","https://support.apple.com/en-us/HT212336","https://support.apple.com/en-us/HT212341","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212534","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30663"],"published_time":"2021-09-08T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30664","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00462,"ranking_epss":0.64211,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325"],"published_time":"2021-09-08T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30665","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00558,"ranking_epss":0.68229,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT212335","https://support.apple.com/en-us/HT212336","https://support.apple.com/en-us/HT212339","https://support.apple.com/en-us/HT212341","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212335","https://support.apple.com/en-us/HT212336","https://support.apple.com/en-us/HT212339","https://support.apple.com/en-us/HT212341","https://support.apple.com/en-us/HT212532","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30665"],"published_time":"2021-09-08T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1875","summary":"A double free issue was addressed with improved memory management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted file may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00249,"ranking_epss":0.4821,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1881","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00502,"ranking_epss":0.66084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1882","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to gain elevated privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00871,"ranking_epss":0.75232,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326"],"published_time":"2021-09-08T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1883","summary":"This issue was addressed with improved checks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted server messages may lead to heap corruption.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00994,"ranking_epss":0.76961,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1884","summary":"A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.01006,"ranking_epss":0.77078,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1885","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00462,"ranking_epss":0.64211,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325"],"published_time":"2021-09-08T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30652","summary":"A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":7.6,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00225,"ranking_epss":0.45249,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30653","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00462,"ranking_epss":0.64211,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325"],"published_time":"2021-09-08T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1846","summary":"Processing a maliciously crafted audio file may disclose restricted memory. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds read was addressed with improved input validation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00296,"ranking_epss":0.52937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326"],"published_time":"2021-09-08T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1849","summary":"An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to bypass Privacy preferences.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00154,"ranking_epss":0.36151,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325"],"published_time":"2021-09-08T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1851","summary":"A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00913,"ranking_epss":0.75897,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1857","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00605,"ranking_epss":0.69643,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212319","https://support.apple.com/en-us/HT212321","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212319","https://support.apple.com/en-us/HT212321","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1858","summary":"Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds write issue was addressed with improved bounds checking.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00483,"ranking_epss":0.65203,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326"],"published_time":"2021-09-08T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1860","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to disclose kernel memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00522,"ranking_epss":0.66921,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1864","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01689,"ranking_epss":0.82256,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324"],"published_time":"2021-09-08T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1868","summary":"A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17422,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1822","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17445,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324"],"published_time":"2021-09-08T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1825","summary":"An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00437,"ranking_epss":0.63072,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212318","https://support.apple.com/en-us/HT212319","https://support.apple.com/en-us/HT212321","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212318","https://support.apple.com/en-us/HT212319","https://support.apple.com/en-us/HT212321","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325"],"published_time":"2021-09-08T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1826","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00741,"ranking_epss":0.72959,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325"],"published_time":"2021-09-08T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1832","summary":"Copied files may not have the expected file permissions. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. The issue was addressed with improved permissions logic.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00166,"ranking_epss":0.37619,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326"],"published_time":"2021-09-08T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1836","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, tvOS 14.5. A local user may be able to create or modify privileged files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.10732,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323"],"published_time":"2021-09-08T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1843","summary":"This issue was addressed with improved checks. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00344,"ranking_epss":0.57017,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1739","summary":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20359,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1740","summary":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21193,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1770","summary":"A buffer overflow may result in arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A logic issue was addressed with improved state management.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02359,"ranking_epss":0.84942,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1808","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00542,"ranking_epss":0.67716,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1809","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00542,"ranking_epss":0.67716,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1811","summary":"A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00605,"ranking_epss":0.69643,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212319","https://support.apple.com/en-us/HT212321","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212319","https://support.apple.com/en-us/HT212321","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1813","summary":"A validation issue was addressed with improved logic. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00235,"ranking_epss":0.46507,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1815","summary":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0009,"ranking_epss":0.25351,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1816","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00404,"ranking_epss":0.60965,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1817","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0097,"ranking_epss":0.76657,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1820","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0077,"ranking_epss":0.73562,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30780","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A malicious application may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00393,"ranking_epss":0.60275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30781","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A local attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00248,"ranking_epss":0.48107,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30785","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00799,"ranking_epss":0.7406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://www.zerodayinitiative.com/advisories/ZDI-22-353/","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://www.zerodayinitiative.com/advisories/ZDI-22-353/"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30788","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00337,"ranking_epss":0.56547,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30789","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00623,"ranking_epss":0.70174,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30795","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00914,"ranking_epss":0.75909,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212606","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212606"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30797","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00672,"ranking_epss":0.71394,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212606","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212606"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30802","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00492,"ranking_epss":0.65679,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212604"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30758","summary":"A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00346,"ranking_epss":0.57139,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212606","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212606"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30759","summary":"A stack overflow was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01048,"ranking_epss":0.77546,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30760","summary":"An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00447,"ranking_epss":0.6353,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30764","summary":"Processing a maliciously crafted file may lead to arbitrary code execution. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. This issue was addressed with improved checks.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00407,"ranking_epss":0.61146,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30768","summary":"A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. A sandboxed process may be able to circumvent sandbox restrictions.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00504,"ranking_epss":0.66147,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30769","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24677,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30770","summary":"A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30773","summary":"An issue in code signature validation was addressed with improved checks. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious application may be able to bypass code signing checks.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.25945,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30774","summary":"A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. A malicious application may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00299,"ranking_epss":0.53303,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/kb/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/kb/HT212600"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30775","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00798,"ranking_epss":0.74045,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30776","summary":"A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Playing a malicious audio file may lead to an unexpected application termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00314,"ranking_epss":0.54569,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30779","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00898,"ranking_epss":0.75674,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30733","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00334,"ranking_epss":0.56224,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212603"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30734","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01081,"ranking_epss":0.77871,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212534","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212534"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30736","summary":"A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00382,"ranking_epss":0.596,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30737","summary":"A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted certificate may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.004,"ranking_epss":0.6072,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212548","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212548"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30740","summary":"A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01025,"ranking_epss":0.77306,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30743","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62218,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212530"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30744","summary":"Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.0061,"ranking_epss":0.69778,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212534","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212534"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30748","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00858,"ranking_epss":0.75019,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/kb/HT212604","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/kb/HT212604"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30749","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01256,"ranking_epss":0.794,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212534","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212534"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30752","summary":"Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An out-of-bounds read was addressed with improved input validation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00406,"ranking_epss":0.61092,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30753","summary":"Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An out-of-bounds read was addressed with improved input validation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00269,"ranking_epss":0.50438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30755","summary":"Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5. An out-of-bounds read was addressed with improved input validation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00408,"ranking_epss":0.61178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30720","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers.","cvss":5.4,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00383,"ranking_epss":0.59641,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212534","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212534"],"published_time":"2021-09-08T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30727","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. A malicious application may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00235,"ranking_epss":0.46369,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30993","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. An attacker in a privileged network position may be able to execute arbitrary code.","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"cvss_v4":null,"epss":0.01668,"ranking_epss":0.82139,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980"],"published_time":"2021-08-24T19:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30995","summary":"A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to elevate privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00179,"ranking_epss":0.39459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://www.zerodayinitiative.com/advisories/ZDI-22-360/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://www.zerodayinitiative.com/advisories/ZDI-22-360/"],"published_time":"2021-08-24T19:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-31000","summary":"A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00227,"ranking_epss":0.45517,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980"],"published_time":"2021-08-24T19:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-31006","summary":"Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27628,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-08-24T19:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-31007","summary":"Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. A malicious application may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00133,"ranking_epss":0.32842,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979"],"published_time":"2021-08-24T19:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-31008","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 15.1, tvOS 15.1, iOS 15 and iPadOS 15, macOS Monterey 12.0.1, watchOS 8.1. Processing maliciously crafted web content may lead to code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01223,"ranking_epss":0.79122,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212875","https://support.apple.com/en-us/HT212876","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212875","https://support.apple.com/en-us/HT212876"],"published_time":"2021-08-24T19:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30980","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00591,"ranking_epss":0.69243,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30984","summary":"A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00688,"ranking_epss":0.71755,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/01/21/2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212982","https://www.debian.org/security/2022/dsa-5060","https://www.debian.org/security/2022/dsa-5061","http://www.openwall.com/lists/oss-security/2022/01/21/2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212982","https://www.debian.org/security/2022/dsa-5060","https://www.debian.org/security/2022/dsa-5061"],"published_time":"2021-08-24T19:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30957","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00691,"ranking_epss":0.71823,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/kb/HT212979","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/kb/HT212979"],"published_time":"2021-08-24T19:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30958","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Playing a malicious audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0034,"ranking_epss":0.56745,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30960","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00307,"ranking_epss":0.53909,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/kb/HT213055","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/kb/HT213055"],"published_time":"2021-08-24T19:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30962","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00222,"ranking_epss":0.44792,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980"],"published_time":"2021-08-24T19:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30966","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly be leaked to a proxy server despite PAC configurations.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00468,"ranking_epss":0.64531,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980"],"published_time":"2021-08-24T19:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30968","summary":"A validation issue related to hard link behavior was addressed with improved sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to bypass certain Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0023,"ranking_epss":0.45851,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30939","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00411,"ranking_epss":0.61408,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1414","https://www.zerodayinitiative.com/advisories/ZDI-22-359/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1414","https://www.zerodayinitiative.com/advisories/ZDI-22-359/"],"published_time":"2021-08-24T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30942","summary":"Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00325,"ranking_epss":0.55546,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/165559/Apple-ColorSync-Out-Of-Bounds-Read.html","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","http://packetstormsecurity.com/files/165559/Apple-ColorSync-Out-Of-Bounds-Read.html","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30944","summary":"Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious app may be able to access data from other apps by enabling additional logging.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00264,"ranking_epss":0.49772,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980"],"published_time":"2021-08-24T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30945","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19907,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30947","summary":"An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user's files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0029,"ranking_epss":0.5247,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980"],"published_time":"2021-08-24T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30951","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00887,"ranking_epss":0.75494,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/01/21/2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212982","https://www.debian.org/security/2022/dsa-5060","https://www.debian.org/security/2022/dsa-5061","http://www.openwall.com/lists/oss-security/2022/01/21/2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212982","https://www.debian.org/security/2022/dsa-5060","https://www.debian.org/security/2022/dsa-5061"],"published_time":"2021-08-24T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30952","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01244,"ranking_epss":0.79294,"kev":true,"propose_action":"Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution.","ransomware_campaign":"Unknown","references":["http://www.openwall.com/lists/oss-security/2022/01/21/2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212982","https://www.debian.org/security/2022/dsa-5060","https://www.debian.org/security/2022/dsa-5061","http://www.openwall.com/lists/oss-security/2022/01/21/2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212982","https://www.debian.org/security/2022/dsa-5060","https://www.debian.org/security/2022/dsa-5061","https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30952"],"published_time":"2021-08-24T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30953","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00482,"ranking_epss":0.65189,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/01/21/2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212982","https://www.debian.org/security/2022/dsa-5060","https://www.debian.org/security/2022/dsa-5061","http://www.openwall.com/lists/oss-security/2022/01/21/2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212982","https://www.debian.org/security/2022/dsa-5060","https://www.debian.org/security/2022/dsa-5061"],"published_time":"2021-08-24T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30954","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00321,"ranking_epss":0.55181,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/01/21/2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212982","https://www.debian.org/security/2022/dsa-5060","https://www.debian.org/security/2022/dsa-5061","http://www.openwall.com/lists/oss-security/2022/01/21/2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212982","https://www.debian.org/security/2022/dsa-5060","https://www.debian.org/security/2022/dsa-5061"],"published_time":"2021-08-24T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30955","summary":"A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":7.6,"cvss_v3":7.0,"cvss_v4":null,"epss":0.36267,"ranking_epss":0.9712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980"],"published_time":"2021-08-24T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30926","summary":"Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00339,"ranking_epss":0.56695,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/kb/HT212868","https://support.apple.com/kb/HT212871","https://support.apple.com/kb/HT212872","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/kb/HT212868","https://support.apple.com/kb/HT212871","https://support.apple.com/kb/HT212872"],"published_time":"2021-08-24T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30927","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00098,"ranking_epss":0.2687,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30928","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6, watchOS 8, tvOS 15, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00414,"ranking_epss":0.61653,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212953","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212953"],"published_time":"2021-08-24T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30934","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0169,"ranking_epss":0.8226,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/01/21/2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212982","https://www.debian.org/security/2022/dsa-5060","https://www.debian.org/security/2022/dsa-5061","http://www.openwall.com/lists/oss-security/2022/01/21/2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212982","https://www.debian.org/security/2022/dsa-5060","https://www.debian.org/security/2022/dsa-5061"],"published_time":"2021-08-24T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30936","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00887,"ranking_epss":0.75494,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/01/21/2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212982","https://www.debian.org/security/2022/dsa-5060","https://www.debian.org/security/2022/dsa-5061","http://www.openwall.com/lists/oss-security/2022/01/21/2","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212982","https://www.debian.org/security/2022/dsa-5060","https://www.debian.org/security/2022/dsa-5061"],"published_time":"2021-08-24T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30937","summary":"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.24484,"ranking_epss":0.96131,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/165475/XNU-inm_merge-Heap-Use-After-Free.html","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","http://packetstormsecurity.com/files/165475/XNU-inm_merge-Heap-Use-After-Free.html","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30915","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A person with physical access to an iOS device may be able to determine characteristics of a user's password in a secure text entry field.","cvss":2.4,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00112,"ranking_epss":0.29534,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876"],"published_time":"2021-08-24T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30916","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00387,"ranking_epss":0.59841,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Dec/43","http://seclists.org/fulldisclosure/2021/Dec/44","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/kb/HT212975","https://support.apple.com/kb/HT212980","http://seclists.org/fulldisclosure/2021/Dec/43","http://seclists.org/fulldisclosure/2021/Dec/44","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/kb/HT212975","https://support.apple.com/kb/HT212980"],"published_time":"2021-08-24T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30917","summary":"A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00493,"ranking_epss":0.65705,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/165075/Apple-ColorSync-CMMNDimLinear-Interpolate-Uninitialized-Memory.html","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","http://packetstormsecurity.com/files/165075/Apple-ColorSync-CMMNDimLinear-Interpolate-Uninitialized-Memory.html","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876"],"published_time":"2021-08-24T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30919","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted PDF may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00601,"ranking_epss":0.695,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://www.zerodayinitiative.com/advisories/ZDI-22-357/","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://www.zerodayinitiative.com/advisories/ZDI-22-357/"],"published_time":"2021-08-24T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30924","summary":"A denial of service issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.0.1. A remote attacker can cause a device to unexpectedly restart.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0088,"ranking_epss":0.75389,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212869","https://support.apple.com/kb/HT212867","https://support.apple.com/kb/HT212874","https://support.apple.com/kb/HT212876","https://support.apple.com/en-us/HT212869","https://support.apple.com/kb/HT212867","https://support.apple.com/kb/HT212874","https://support.apple.com/kb/HT212876"],"published_time":"2021-08-24T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30903","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1. A local attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00189,"ranking_epss":0.40714,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/kb/HT212871","https://support.apple.com/kb/HT212872","https://support.apple.com/kb/HT212874","https://support.apple.com/kb/HT212876","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/kb/HT212871","https://support.apple.com/kb/HT212872","https://support.apple.com/kb/HT212874","https://support.apple.com/kb/HT212876"],"published_time":"2021-08-24T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30905","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina. Processing a maliciously crafted file may disclose user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00321,"ranking_epss":0.55222,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/kb/HT212807","https://support.apple.com/kb/HT212872","https://www.zerodayinitiative.com/advisories/ZDI-21-1368/","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/kb/HT212807","https://support.apple.com/kb/HT212872","https://www.zerodayinitiative.com/advisories/ZDI-21-1368/"],"published_time":"2021-08-24T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30906","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00112,"ranking_epss":0.29538,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/kb/HT212871","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/kb/HT212871"],"published_time":"2021-08-24T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30907","summary":"An integer overflow was addressed through improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00491,"ranking_epss":0.6562,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876"],"published_time":"2021-08-24T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30909","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00576,"ranking_epss":0.68804,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876"],"published_time":"2021-08-24T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30910","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted file may disclose user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00327,"ranking_epss":0.55687,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212876","https://www.zerodayinitiative.com/advisories/ZDI-21-1369/","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212876","https://www.zerodayinitiative.com/advisories/ZDI-21-1369/"],"published_time":"2021-08-24T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30890","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00191,"ranking_epss":0.41017,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2021/12/20/6","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://www.debian.org/security/2021/dsa-5030","https://www.debian.org/security/2021/dsa-5031","http://www.openwall.com/lists/oss-security/2021/12/20/6","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://www.debian.org/security/2021/dsa-5030","https://www.debian.org/security/2021/dsa-5031"],"published_time":"2021-08-24T19:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30894","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00473,"ranking_epss":0.64737,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212876","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212876"],"published_time":"2021-08-24T19:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30895","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, tvOS 15.1, watchOS 8.1, macOS Monterey 12.0.1. A malicious application may be able to access information about a user's contacts.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00342,"ranking_epss":0.56882,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212846","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/kb/HT212867","https://support.apple.com/kb/HT212979","https://support.apple.com/en-us/HT212846","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/kb/HT212867","https://support.apple.com/kb/HT212979"],"published_time":"2021-08-24T19:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30896","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, tvOS 15.1, watchOS 8.1, macOS Monterey 12.0.1. A malicious application may be able to read user's gameplay data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00368,"ranking_epss":0.5873,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212846","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/en-us/HT212846","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876"],"published_time":"2021-08-24T19:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30897","summary":"An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00312,"ranking_epss":0.54392,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212869","https://support.apple.com/kb/HT212814","https://support.apple.com/kb/HT212815","https://support.apple.com/en-us/HT212869","https://support.apple.com/kb/HT212814","https://support.apple.com/kb/HT212815"],"published_time":"2021-08-24T19:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30881","summary":"An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Unpacking a maliciously crafted archive may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00574,"ranking_epss":0.68751,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876"],"published_time":"2021-08-24T19:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30883","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00364,"ranking_epss":0.58494,"kev":true,"propose_action":"Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT212846","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/en-us/HT212846","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30883"],"published_time":"2021-08-24T19:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30884","summary":"The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing history.","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00165,"ranking_epss":0.37604,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2021/12/20/6","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869","http://www.openwall.com/lists/oss-security/2021/12/20/6","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869"],"published_time":"2021-08-24T19:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30886","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00587,"ranking_epss":0.69117,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876"],"published_time":"2021-08-24T19:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30887","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00304,"ranking_epss":0.53689,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2021/12/20/6","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://www.debian.org/security/2021/dsa-5030","https://www.debian.org/security/2021/dsa-5031","http://www.openwall.com/lists/oss-security/2021/12/20/6","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://www.debian.org/security/2021/dsa-5030","https://www.debian.org/security/2021/dsa-5031"],"published_time":"2021-08-24T19:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30888","summary":"An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior .","cvss":7.4,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.4,"cvss_v4":null,"epss":0.00216,"ranking_epss":0.44134,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2021/12/20/6","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","http://www.openwall.com/lists/oss-security/2021/12/20/6","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876"],"published_time":"2021-08-24T19:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30889","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00685,"ranking_epss":0.71707,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2021/12/20/6","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","http://www.openwall.com/lists/oss-security/2021/12/20/6","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876"],"published_time":"2021-08-24T19:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30855","summary":"A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. An application may be able to access restricted files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00214,"ranking_epss":0.43969,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212815","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212815"],"published_time":"2021-08-24T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30857","summary":"A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":7.6,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00237,"ranking_epss":0.46871,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819"],"published_time":"2021-08-24T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30866","summary":"A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A device may be passively tracked by its WiFi MAC address.","cvss":6.5,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26646,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869"],"published_time":"2021-08-24T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30851","summary":"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01034,"ranking_epss":0.77395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2021/10/31/1","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212816","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869","https://www.debian.org/security/2021/dsa-4995","https://www.debian.org/security/2021/dsa-4996","http://www.openwall.com/lists/oss-security/2021/10/31/1","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212816","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869","https://www.debian.org/security/2021/dsa-4995","https://www.debian.org/security/2021/dsa-4996"],"published_time":"2021-08-24T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30852","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0063,"ranking_epss":0.70316,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869","https://support.apple.com/kb/HT212953","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212869","https://support.apple.com/kb/HT212953"],"published_time":"2021-08-24T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30854","summary":"A logic issue was addressed with improved state management. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A sandboxed process may be able to circumvent sandbox restrictions.","cvss":8.6,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00283,"ranking_epss":0.51759,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819"],"published_time":"2021-08-24T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-36690","summary":"A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0172,"ranking_epss":0.8243,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Oct/28","http://seclists.org/fulldisclosure/2022/Oct/39","http://seclists.org/fulldisclosure/2022/Oct/41","http://seclists.org/fulldisclosure/2022/Oct/47","http://seclists.org/fulldisclosure/2022/Oct/49","https://support.apple.com/kb/HT213446","https://support.apple.com/kb/HT213486","https://support.apple.com/kb/HT213487","https://support.apple.com/kb/HT213488","https://www.sqlite.org/forum/forumpost/718c0a8d17","http://seclists.org/fulldisclosure/2022/Oct/28","http://seclists.org/fulldisclosure/2022/Oct/39","http://seclists.org/fulldisclosure/2022/Oct/41","http://seclists.org/fulldisclosure/2022/Oct/47","http://seclists.org/fulldisclosure/2022/Oct/49","https://lists.debian.org/debian-lts-announce/2024/09/msg00050.html","https://support.apple.com/kb/HT213446","https://support.apple.com/kb/HT213486","https://support.apple.com/kb/HT213487","https://support.apple.com/kb/HT213488","https://www.sqlite.org/forum/forumpost/718c0a8d17"],"published_time":"2021-08-24T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1818","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01746,"ranking_epss":0.82572,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1844","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.014,"ranking_epss":0.80447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Apr/55","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://support.apple.com/en-us/HT212220","https://support.apple.com/en-us/HT212221","https://support.apple.com/en-us/HT212222","https://support.apple.com/en-us/HT212223","https://support.apple.com/kb/HT212323","https://www.debian.org/security/2021/dsa-4923","http://seclists.org/fulldisclosure/2021/Apr/55","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://support.apple.com/en-us/HT212220","https://support.apple.com/en-us/HT212221","https://support.apple.com/en-us/HT212222","https://support.apple.com/en-us/HT212223","https://support.apple.com/kb/HT212323","https://www.debian.org/security/2021/dsa-4923"],"published_time":"2021-04-02T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1793","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00548,"ranking_epss":0.67936,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1797","summary":"The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00104,"ranking_epss":0.28367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Apr/51","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/kb/HT212326","https://support.apple.com/kb/HT212327","http://seclists.org/fulldisclosure/2021/Apr/51","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/kb/HT212326","https://support.apple.com/kb/HT212327"],"published_time":"2021-04-02T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1799","summary":"A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00127,"ranking_epss":0.31961,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212152","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212152"],"published_time":"2021-04-02T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1801","summary":"This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00089,"ranking_epss":0.25162,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1761","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01093,"ranking_epss":0.77985,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1777","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00402,"ranking_epss":0.60828,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1778","summary":"An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00309,"ranking_epss":0.54084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1782","summary":"A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited..","cvss":7.0,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.0,"cvss_v4":null,"epss":0.05879,"ranking_epss":0.9059,"kev":true,"propose_action":"Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1782"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1783","summary":"An access issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00419,"ranking_epss":0.61923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1785","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00419,"ranking_epss":0.61923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1786","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to create or modify system files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00158,"ranking_epss":0.36593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1787","summary":"Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00122,"ranking_epss":0.31293,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1788","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00408,"ranking_epss":0.61174,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212152","https://www.debian.org/security/2021/dsa-4923","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212152","https://www.debian.org/security/2021/dsa-4923"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1789","summary":"A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00243,"ranking_epss":0.47651,"kev":true,"propose_action":"A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.","ransomware_campaign":"Unknown","references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212152","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212152","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1789"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1791","summary":"An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00558,"ranking_epss":0.68213,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1792","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01041,"ranking_epss":0.77459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1758","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01347,"ranking_epss":0.80107,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1759","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00637,"ranking_epss":0.7051,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1760","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application could execute arbitrary code leading to compromise of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00338,"ranking_epss":0.56592,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1764","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01093,"ranking_epss":0.77985,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1766","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00309,"ranking_epss":0.54084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1769","summary":"A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16947,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1772","summary":"A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00683,"ranking_epss":0.71663,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://www.zerodayinitiative.com/advisories/ZDI-21-758/","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://www.zerodayinitiative.com/advisories/ZDI-21-758/"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1773","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00309,"ranking_epss":0.54084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1774","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00419,"ranking_epss":0.61923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1776","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00359,"ranking_epss":0.58083,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1741","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00395,"ranking_epss":0.60382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1742","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00395,"ranking_epss":0.60382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1743","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00568,"ranking_epss":0.68553,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1744","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00693,"ranking_epss":0.71888,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1746","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00881,"ranking_epss":0.7541,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1747","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing maliciously crafted web content may lead to code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00785,"ranking_epss":0.73804,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1748","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00428,"ranking_epss":0.62502,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1750","summary":"Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00553,"ranking_epss":0.68068,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1754","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00772,"ranking_epss":0.73589,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1757","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00232,"ranking_epss":0.46065,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9926","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00667,"ranking_epss":0.7128,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211288","https://support.apple.com/en-us/HT211289","https://support.apple.com/en-us/HT211290","https://support.apple.com/en-us/HT211291","https://support.apple.com/en-us/HT211295","https://support.apple.com/en-us/HT211288","https://support.apple.com/en-us/HT211289","https://support.apple.com/en-us/HT211290","https://support.apple.com/en-us/HT211291","https://support.apple.com/en-us/HT211295"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9955","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00371,"ranking_epss":0.58911,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9956","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00395,"ranking_epss":0.60382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9960","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00395,"ranking_epss":0.60382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9962","summary":"A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00766,"ranking_epss":0.73487,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9967","summary":"Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01262,"ranking_epss":0.79453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/163501/XNU-Network-Stack-Kernel-Heap-Overflow.html","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","http://packetstormsecurity.com/files/163501/XNU-Network-Stack-Kernel-Heap-Overflow.html","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9971","summary":"A logic issue was addressed with improved validation. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. A malicious application may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00428,"ranking_epss":0.62462,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9975","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00522,"ranking_epss":0.66915,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29608","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, watchOS 7.2. A remote attacker may be able to leak memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00698,"ranking_epss":0.71984,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29610","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may disclose restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00359,"ranking_epss":0.58129,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29611","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00461,"ranking_epss":0.6419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212145","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212145"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29614","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted file may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00352,"ranking_epss":0.5766,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29615","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted image may lead to a denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00341,"ranking_epss":0.56821,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29617","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00352,"ranking_epss":0.5766,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212145","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212145"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29618","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00849,"ranking_epss":0.7489,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212145","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212145"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29619","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00352,"ranking_epss":0.5766,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212145","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212145"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29623","summary":"\"Clear History and Website Data\" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09271,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212011","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29624","summary":"A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00395,"ranking_epss":0.60382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27933","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00483,"ranking_epss":0.65203,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211288","https://support.apple.com/en-us/HT211289","https://support.apple.com/en-us/HT211290","https://support.apple.com/en-us/HT211291","https://support.apple.com/en-us/HT211295","https://support.apple.com/en-us/HT211288","https://support.apple.com/en-us/HT211289","https://support.apple.com/en-us/HT211290","https://support.apple.com/en-us/HT211291","https://support.apple.com/en-us/HT211295"],"published_time":"2021-04-02T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27935","summary":"Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions.","cvss":6.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.3,"cvss_v4":null,"epss":0.05665,"ranking_epss":0.90395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931"],"published_time":"2021-04-02T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27943","summary":"A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in tvOS 14.3, iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.2. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00433,"ranking_epss":0.62786,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27944","summary":"A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00461,"ranking_epss":0.6419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27946","summary":"An information disclosure issue was addressed with improved state management. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00324,"ranking_epss":0.55458,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27948","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00461,"ranking_epss":0.6419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27899","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00149,"ranking_epss":0.35355,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27908","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00482,"ranking_epss":0.65187,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27920","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing maliciously crafted web content may lead to code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00485,"ranking_epss":0.65374,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27922","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00482,"ranking_epss":0.65187,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27923","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00482,"ranking_epss":0.65187,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27924","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00413,"ranking_epss":0.615,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27931","summary":"A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00433,"ranking_epss":0.62786,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-7463","summary":"In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15108,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Apr/49","http://seclists.org/fulldisclosure/2021/Apr/50","http://seclists.org/fulldisclosure/2021/Apr/57","http://seclists.org/fulldisclosure/2021/Apr/58","http://seclists.org/fulldisclosure/2021/Apr/59","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:25.sctp.asc","https://support.apple.com/kb/HT212317","https://support.apple.com/kb/HT212318","https://support.apple.com/kb/HT212319","https://support.apple.com/kb/HT212321","https://support.apple.com/kb/HT212323","https://support.apple.com/kb/HT212324","https://support.apple.com/kb/HT212325","http://seclists.org/fulldisclosure/2021/Apr/49","http://seclists.org/fulldisclosure/2021/Apr/50","http://seclists.org/fulldisclosure/2021/Apr/57","http://seclists.org/fulldisclosure/2021/Apr/58","http://seclists.org/fulldisclosure/2021/Apr/59","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:25.sctp.asc","https://support.apple.com/kb/HT212317","https://support.apple.com/kb/HT212318","https://support.apple.com/kb/HT212319","https://support.apple.com/kb/HT212321","https://support.apple.com/kb/HT212323","https://support.apple.com/kb/HT212324","https://support.apple.com/kb/HT212325"],"published_time":"2021-03-26T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9991","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02136,"ranking_epss":0.84218,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211847","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT211846","http://seclists.org/fulldisclosure/2020/Dec/32","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211847","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT211846"],"published_time":"2020-12-08T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27918","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00234,"ranking_epss":0.46276,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","http://www.openwall.com/lists/oss-security/2021/03/22/1","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQ3U3VBSOJB46WCO66TEWE5OAXLTU3YW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211933","https://support.apple.com/en-us/HT211934","https://support.apple.com/en-us/HT211935","https://www.debian.org/security/2021/dsa-4877","http://seclists.org/fulldisclosure/2020/Dec/32","http://www.openwall.com/lists/oss-security/2021/03/22/1","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQ3U3VBSOJB46WCO66TEWE5OAXLTU3YW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211933","https://support.apple.com/en-us/HT211934","https://support.apple.com/en-us/HT211935","https://www.debian.org/security/2021/dsa-4877"],"published_time":"2020-12-08T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27905","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00533,"ranking_epss":0.67391,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930"],"published_time":"2020-12-08T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27909","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00522,"ranking_epss":0.66904,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/kb/HT211931","https://www.zerodayinitiative.com/advisories/ZDI-21-374/","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/kb/HT211931","https://www.zerodayinitiative.com/advisories/ZDI-21-374/"],"published_time":"2020-12-08T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27910","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00813,"ranking_epss":0.74293,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27911","summary":"An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.02512,"ranking_epss":0.85415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211933","https://support.apple.com/en-us/HT211935","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211933","https://support.apple.com/en-us/HT211935","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27912","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00989,"ranking_epss":0.76903,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211933","https://support.apple.com/en-us/HT211935","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211933","https://support.apple.com/en-us/HT211935","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27916","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00622,"ranking_epss":0.7015,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27917","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00712,"ranking_epss":0.72332,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211933","https://support.apple.com/en-us/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211933","https://support.apple.com/en-us/HT211935"],"published_time":"2020-12-08T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27927","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00592,"ranking_epss":0.69266,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931"],"published_time":"2020-12-08T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10017","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00646,"ranking_epss":0.70734,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9999","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00718,"ranking_epss":0.72483,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211952","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211952","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211935"],"published_time":"2020-12-08T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9965","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00633,"ranking_epss":0.70378,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931"],"published_time":"2020-12-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9966","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00788,"ranking_epss":0.73874,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931"],"published_time":"2020-12-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9969","summary":"An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user may be able to view senstive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00156,"ranking_epss":0.36294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931"],"published_time":"2020-12-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9972","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.02321,"ranking_epss":0.8482,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211850","https://support.apple.com/kb/HT212003","https://support.apple.com/kb/HT212005","https://support.apple.com/kb/HT212011","https://support.apple.com/en-us/HT211850","https://support.apple.com/kb/HT212003","https://support.apple.com/kb/HT212005","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9974","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00349,"ranking_epss":0.57412,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9981","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00395,"ranking_epss":0.60368,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211849","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211935","https://support.apple.com/en-us/HT211952","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211849","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211935","https://support.apple.com/en-us/HT211952"],"published_time":"2020-12-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9849","summary":"An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01069,"ranking_epss":0.77747,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211935","https://support.apple.com/en-us/HT211952","http://seclists.org/fulldisclosure/2020/Dec/32","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211935","https://support.apple.com/en-us/HT211952"],"published_time":"2020-12-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9943","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A malicious application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00302,"ranking_epss":0.53568,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9944","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00302,"ranking_epss":0.53568,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9947","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00809,"ranking_epss":0.74241,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2021/03/22/1","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211845","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211935","https://support.apple.com/en-us/HT211952","http://www.openwall.com/lists/oss-security/2021/03/22/1","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211845","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211935","https://support.apple.com/en-us/HT211952"],"published_time":"2020-12-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9949","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, tvOS 14.0. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.007,"ranking_epss":0.7202,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211289","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211289","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931"],"published_time":"2020-12-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9950","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0078,"ranking_epss":0.73724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211845","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211845","https://support.apple.com/en-us/HT211850"],"published_time":"2020-12-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9954","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 7.0, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Playing a malicious audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0086,"ranking_epss":0.75046,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211849","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211849","https://support.apple.com/en-us/HT211850"],"published_time":"2020-12-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10016","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00564,"ranking_epss":0.68438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10003","summary":"An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00177,"ranking_epss":0.39146,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931"],"published_time":"2020-12-08T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10004","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00559,"ranking_epss":0.68274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT211930","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT211930","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10010","summary":"A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28457,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10011","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00716,"ranking_epss":0.72411,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211849","https://support.apple.com/en-us/HT211929","https://support.apple.com/kb/HT211930","https://support.apple.com/kb/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211849","https://support.apple.com/en-us/HT211929","https://support.apple.com/kb/HT211930","https://support.apple.com/kb/HT211931"],"published_time":"2020-12-08T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10013","summary":"A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00246,"ranking_epss":0.47943,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211850","https://support.apple.com/kb/HT211849","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211850","https://support.apple.com/kb/HT211849"],"published_time":"2020-12-08T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10002","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00108,"ranking_epss":0.28947,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211933","https://support.apple.com/en-us/HT211935","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211933","https://support.apple.com/en-us/HT211935","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15969","summary":"Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03155,"ranking_epss":0.86929,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html","http://seclists.org/fulldisclosure/2020/Dec/24","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/27","http://seclists.org/fulldisclosure/2020/Dec/29","http://seclists.org/fulldisclosure/2020/Dec/30","https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html","https://crbug.com/1124659","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/","https://security.gentoo.org/glsa/202101-30","https://support.apple.com/kb/HT212003","https://support.apple.com/kb/HT212005","https://support.apple.com/kb/HT212007","https://support.apple.com/kb/HT212009","https://support.apple.com/kb/HT212011","https://www.debian.org/security/2021/dsa-4824","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html","http://seclists.org/fulldisclosure/2020/Dec/24","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/27","http://seclists.org/fulldisclosure/2020/Dec/29","http://seclists.org/fulldisclosure/2020/Dec/30","https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html","https://crbug.com/1124659","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/","https://security.gentoo.org/glsa/202101-30","https://support.apple.com/kb/HT212003","https://support.apple.com/kb/HT212005","https://support.apple.com/kb/HT212007","https://support.apple.com/kb/HT212009","https://support.apple.com/kb/HT212011","https://www.debian.org/security/2021/dsa-4824"],"published_time":"2020-11-03T03:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3864","summary":"A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17263,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210918","https://support.apple.com/en-us/HT210920","https://support.apple.com/en-us/HT210922","https://support.apple.com/en-us/HT210923","https://support.apple.com/en-us/HT210947","https://support.apple.com/en-us/HT210948","https://support.apple.com/en-us/HT210918","https://support.apple.com/en-us/HT210920","https://support.apple.com/en-us/HT210922","https://support.apple.com/en-us/HT210923","https://support.apple.com/en-us/HT210947","https://support.apple.com/en-us/HT210948"],"published_time":"2020-10-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3880","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00235,"ranking_epss":0.46389,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210918","https://support.apple.com/en-us/HT210919","https://support.apple.com/en-us/HT210920","https://support.apple.com/en-us/HT210921","https://support.apple.com/en-us/HT210918","https://support.apple.com/en-us/HT210919","https://support.apple.com/en-us/HT210920","https://support.apple.com/en-us/HT210921"],"published_time":"2020-10-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9932","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, tvOS 13. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00874,"ranking_epss":0.75287,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210605","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210605"],"published_time":"2020-10-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9961","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00275,"ranking_epss":0.50984,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/21","http://seclists.org/fulldisclosure/2020/Nov/22","https://support.apple.com/en-us/HT211849","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211935","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/21","http://seclists.org/fulldisclosure/2020/Nov/22","https://support.apple.com/en-us/HT211849","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211935","https://support.apple.com/kb/HT211952"],"published_time":"2020-10-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9979","summary":"A trust issue was addressed by removing a legacy API. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0. An attacker may be able to misuse a trust relationship to download malicious content.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0012,"ranking_epss":0.3091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211850","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211850"],"published_time":"2020-10-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8848","summary":"This issue was addressed with improved checks. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An application may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00297,"ranking_epss":0.53062,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795"],"published_time":"2020-10-27T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8850","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may disclose restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00299,"ranking_epss":0.53283,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8854","summary":"A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00378,"ranking_epss":0.59384,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634"],"published_time":"2020-10-27T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8898","summary":"An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00456,"ranking_epss":0.63897,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210792","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210792","https://support.apple.com/en-us/HT210793"],"published_time":"2020-10-27T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8846","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0057,"ranking_epss":0.68623,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210792","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210792","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795"],"published_time":"2020-10-27T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8844","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02982,"ranking_epss":0.86547,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210792","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210792","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795"],"published_time":"2020-10-27T20:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8827","summary":"The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a user has visited.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00609,"ranking_epss":0.69761,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210721","https://support.apple.com/en-us/HT210723","https://support.apple.com/en-us/HT210725","https://support.apple.com/en-us/HT210726","https://support.apple.com/en-us/HT210728","https://support.apple.com/en-us/HT210947","https://support.apple.com/en-us/HT210721","https://support.apple.com/en-us/HT210723","https://support.apple.com/en-us/HT210725","https://support.apple.com/en-us/HT210726","https://support.apple.com/en-us/HT210728","https://support.apple.com/en-us/HT210947"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8828","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00484,"ranking_epss":0.65295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8829","summary":"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6.1, tvOS 13.2, iOS 13.2 and iPadOS 13.2. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00182,"ranking_epss":0.39865,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210721","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210723","https://support.apple.com/en-us/HT210724","https://support.apple.com/en-us/HT210721","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210723","https://support.apple.com/en-us/HT210724"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8830","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01747,"ranking_epss":0.82578,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210787","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210791","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210787","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210791"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8831","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00245,"ranking_epss":0.47871,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8832","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00484,"ranking_epss":0.65295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8833","summary":"A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00484,"ranking_epss":0.65295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8834","summary":"A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00317,"ranking_epss":0.54811,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8835","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0057,"ranking_epss":0.68623,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210792","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210792","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8836","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00484,"ranking_epss":0.65295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210918","https://support.apple.com/en-us/HT210920","https://support.apple.com/en-us/HT210921","https://support.apple.com/en-us/HT210918","https://support.apple.com/en-us/HT210920","https://support.apple.com/en-us/HT210921"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8838","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00484,"ranking_epss":0.65295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8762","summary":"A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00721,"ranking_epss":0.72523,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210605","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210605","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637"],"published_time":"2020-10-27T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8773","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00588,"ranking_epss":0.69162,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210605","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210605","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637"],"published_time":"2020-10-27T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8780","summary":"The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13. A malicious application may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00129,"ranking_epss":0.32209,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604"],"published_time":"2020-10-27T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8799","summary":"This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications.","cvss":2.4,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":2.4,"cvss_v4":null,"epss":0.0007,"ranking_epss":0.21325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634"],"published_time":"2020-10-27T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8809","summary":"A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21525,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634"],"published_time":"2020-10-27T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8734","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00588,"ranking_epss":0.69162,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210608","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210608","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637"],"published_time":"2020-10-27T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8740","summary":"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 13.1 and iPadOS 13.1, watchOS 6, tvOS 13. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00501,"ranking_epss":0.66015,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607"],"published_time":"2020-10-27T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8744","summary":"A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00314,"ranking_epss":0.5455,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8746","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02306,"ranking_epss":0.84774,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8749","summary":"Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01253,"ranking_epss":0.79368,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8751","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00588,"ranking_epss":0.69162,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210605","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210605","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637"],"published_time":"2020-10-27T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8752","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00588,"ranking_epss":0.69162,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210605","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210605","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637"],"published_time":"2020-10-27T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8753","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting attack.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00433,"ranking_epss":0.62758,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634"],"published_time":"2020-10-27T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8756","summary":"Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01253,"ranking_epss":0.79368,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8668","summary":"A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. Processing a maliciously crafted image may lead to a denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00196,"ranking_epss":0.41568,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210346","https://support.apple.com/en-us/HT210351","https://support.apple.com/en-us/HT210353","https://support.apple.com/en-us/HT210346","https://support.apple.com/en-us/HT210351","https://support.apple.com/en-us/HT210353"],"published_time":"2020-10-27T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8706","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00485,"ranking_epss":0.65371,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8709","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00501,"ranking_epss":0.66015,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8712","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00988,"ranking_epss":0.7689,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607"],"published_time":"2020-10-27T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8718","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00271,"ranking_epss":0.5061,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607"],"published_time":"2020-10-27T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8728","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00588,"ranking_epss":0.69162,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210608","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210608","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637"],"published_time":"2020-10-27T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8592","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, tvOS 12.3, watchOS 5.2.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, iOS 13. Playing a malicious audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00433,"ranking_epss":0.62743,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210122","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210122","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8612","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, tvOS 12.3, watchOS 5.2.1, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. An attacker in a privileged network position can modify driver state.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00323,"ranking_epss":0.55378,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210122","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210122"],"published_time":"2020-10-27T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8631","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00289,"ranking_epss":0.52373,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120"],"published_time":"2020-10-27T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8633","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00378,"ranking_epss":0.59384,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210353","https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210353"],"published_time":"2020-10-27T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8570","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, iCloud for Windows 7.10, iTunes 12.9.3 for Windows, Safari 12.0.3, tvOS 12.1.2. Processing maliciously crafted web content may disclose sensitive user information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00478,"ranking_epss":0.65004,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209443","https://support.apple.com/en-us/HT209447","https://support.apple.com/en-us/HT209449","https://support.apple.com/en-us/HT209450","https://support.apple.com/en-us/HT209451","https://support.apple.com/en-us/HT209443","https://support.apple.com/en-us/HT209447","https://support.apple.com/en-us/HT209449","https://support.apple.com/en-us/HT209450","https://support.apple.com/en-us/HT209451"],"published_time":"2020-10-27T20:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8582","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iCloud for Windows 7.12, tvOS 12.3, iTunes 12.9.5 for Windows, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00296,"ranking_epss":0.52937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210124","https://support.apple.com/en-us/HT210125","https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210124","https://support.apple.com/en-us/HT210125"],"published_time":"2020-10-27T20:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4474","summary":"A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00862,"ranking_epss":0.75089,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209106","https://support.apple.com/en-us/HT209107","https://support.apple.com/en-us/HT209108","https://support.apple.com/en-us/HT209109","https://support.apple.com/en-us/HT209140","https://support.apple.com/en-us/HT209141","https://support.apple.com/en-us/HT209106","https://support.apple.com/en-us/HT209107","https://support.apple.com/en-us/HT209108","https://support.apple.com/en-us/HT209109","https://support.apple.com/en-us/HT209140","https://support.apple.com/en-us/HT209141"],"published_time":"2020-10-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4381","summary":"A resource exhaustion issue was addressed with improved input validation. This issue is fixed in tvOS 12.1, iOS 12.1. Processing a maliciously crafted message may lead to a denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34549,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209192","https://support.apple.com/en-us/HT209194","https://support.apple.com/en-us/HT209192","https://support.apple.com/en-us/HT209194"],"published_time":"2020-10-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4433","summary":"A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00302,"ranking_epss":0.5354,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209106","https://support.apple.com/en-us/HT209107","https://support.apple.com/en-us/HT209108","https://support.apple.com/en-us/HT209139","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209106","https://support.apple.com/en-us/HT209107","https://support.apple.com/en-us/HT209108","https://support.apple.com/en-us/HT209139","https://support.apple.com/en-us/HT209600"],"published_time":"2020-10-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4444","summary":"A logic issue was addressed with improved state management. This issue is fixed in Safari 12.0.2, iOS 12.1.1, tvOS 12.1.1, iTunes 12.9.2 for Windows. Processing maliciously crafted web content may disclose sensitive user information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00457,"ranking_epss":0.63965,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209340","https://support.apple.com/en-us/HT209342","https://support.apple.com/en-us/HT209344","https://support.apple.com/en-us/HT209345","https://support.apple.com/en-us/HT209340","https://support.apple.com/en-us/HT209342","https://support.apple.com/en-us/HT209344","https://support.apple.com/en-us/HT209345"],"published_time":"2020-10-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4448","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.1.1, watchOS 5.1.2, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra, tvOS 12.1.1. A local user may be able to read kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20709,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209340","https://support.apple.com/en-us/HT209341","https://support.apple.com/en-us/HT209342","https://support.apple.com/en-us/HT209343","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209340","https://support.apple.com/en-us/HT209341","https://support.apple.com/en-us/HT209342","https://support.apple.com/en-us/HT209343","https://support.apple.com/en-us/HT209600"],"published_time":"2020-10-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9994","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00284,"ranking_epss":0.51868,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211168","https://support.apple.com/kb/HT211170","https://support.apple.com/kb/HT211171","https://support.apple.com/kb/HT211175","https://support.apple.com/kb/HT211168","https://support.apple.com/kb/HT211170","https://support.apple.com/kb/HT211171","https://support.apple.com/kb/HT211175"],"published_time":"2020-10-22T19:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9937","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9938","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9940","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00867,"ranking_epss":0.75176,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9980","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00462,"ranking_epss":0.64211,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9984","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9901","summary":"An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15088,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290"],"published_time":"2020-10-22T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9902","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00246,"ranking_epss":0.47875,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9904","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00256,"ranking_epss":0.49042,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9905","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0121,"ranking_epss":0.79007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290"],"published_time":"2020-10-22T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9919","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00794,"ranking_epss":0.73975,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9883","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0106,"ranking_epss":0.77663,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211931","https://www.zerodayinitiative.com/advisories/ZDI-20-1389/","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211931","https://www.zerodayinitiative.com/advisories/ZDI-20-1389/"],"published_time":"2020-10-22T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9892","summary":"Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00243,"ranking_epss":0.47578,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9900","summary":"An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15739,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9868","summary":"A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34606,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9871","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9872","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00312,"ranking_epss":0.5441,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9873","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00312,"ranking_epss":0.5441,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9874","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9875","summary":"An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00253,"ranking_epss":0.48659,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9876","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00741,"ranking_epss":0.72992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/22","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211935","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/22","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211935","https://support.apple.com/kb/HT211952"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9877","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00312,"ranking_epss":0.5441,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9879","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9880","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00864,"ranking_epss":0.75132,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3918","summary":"An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20697,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211101","https://support.apple.com/kb/HT211102","https://support.apple.com/kb/HT211103","https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211101","https://support.apple.com/kb/HT211102","https://support.apple.com/kb/HT211103"],"published_time":"2020-10-22T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9772","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A sandboxed process may be able to circumvent sandbox restrictions.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21639,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211101","https://support.apple.com/kb/HT211102","https://support.apple.com/kb/HT211103","https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211101","https://support.apple.com/kb/HT211102","https://support.apple.com/kb/HT211103"],"published_time":"2020-10-22T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9787","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. Some websites may not have appeared in Safari Preferences.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00292,"ranking_epss":0.52625,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211101","https://support.apple.com/kb/HT211102","https://support.apple.com/kb/HT211103","https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211101","https://support.apple.com/kb/HT211102","https://support.apple.com/kb/HT211103"],"published_time":"2020-10-22T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9854","summary":"A logic issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. An application may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00392,"ranking_epss":0.60231,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211168","https://support.apple.com/kb/HT211170","https://support.apple.com/kb/HT211171","https://support.apple.com/kb/HT211168","https://support.apple.com/kb/HT211170","https://support.apple.com/kb/HT211171"],"published_time":"2020-10-22T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9863","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00287,"ranking_epss":0.52166,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9968","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be able to access restricted files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00303,"ranking_epss":0.53618,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/21","http://seclists.org/fulldisclosure/2020/Nov/22","https://support.apple.com/HT211843","https://support.apple.com/HT211844","https://support.apple.com/HT211849","https://support.apple.com/HT211850","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/21","http://seclists.org/fulldisclosure/2020/Nov/22","https://support.apple.com/HT211843","https://support.apple.com/HT211844","https://support.apple.com/HT211849","https://support.apple.com/HT211850"],"published_time":"2020-10-16T17:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9976","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0. A malicious application may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00288,"ranking_epss":0.52244,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/22","https://support.apple.com/HT211843","https://support.apple.com/HT211844","https://support.apple.com/HT211850","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/22","https://support.apple.com/HT211843","https://support.apple.com/HT211844","https://support.apple.com/HT211850"],"published_time":"2020-10-16T17:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9983","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01301,"ranking_epss":0.79753,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Nov/18","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/22","http://www.openwall.com/lists/oss-security/2020/11/23/3","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDGBNKYT7NMW7CJ26YFUPUHPJVYGV7IQ/","https://security.gentoo.org/glsa/202012-10","https://support.apple.com/HT211845","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211935","https://support.apple.com/kb/HT211952","https://www.debian.org/security/2020/dsa-4797","http://seclists.org/fulldisclosure/2020/Nov/18","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/22","http://www.openwall.com/lists/oss-security/2020/11/23/3","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDGBNKYT7NMW7CJ26YFUPUHPJVYGV7IQ/","https://security.gentoo.org/glsa/202012-10","https://support.apple.com/HT211845","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211935","https://support.apple.com/kb/HT211952","https://www.debian.org/security/2020/dsa-4797"],"published_time":"2020-10-16T17:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9915","summary":"An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00775,"ranking_epss":0.73641,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211288","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://support.apple.com/HT211292","https://support.apple.com/HT211293","https://support.apple.com/HT211294","https://support.apple.com/HT211295","https://support.apple.com/HT211288","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://support.apple.com/HT211292","https://support.apple.com/HT211293","https://support.apple.com/HT211294","https://support.apple.com/HT211295"],"published_time":"2020-10-16T17:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9916","summary":"A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00526,"ranking_epss":0.67045,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211288","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://support.apple.com/HT211292","https://support.apple.com/HT211293","https://support.apple.com/HT211294","https://support.apple.com/HT211295","https://support.apple.com/HT211288","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://support.apple.com/HT211292","https://support.apple.com/HT211293","https://support.apple.com/HT211294","https://support.apple.com/HT211295"],"published_time":"2020-10-16T17:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9918","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01424,"ranking_epss":0.80639,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291"],"published_time":"2020-10-16T17:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9925","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00811,"ranking_epss":0.74261,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211288","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://support.apple.com/HT211292","https://support.apple.com/HT211293","https://support.apple.com/HT211294","https://support.apple.com/HT211295","https://support.apple.com/HT211288","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://support.apple.com/HT211292","https://support.apple.com/HT211293","https://support.apple.com/HT211294","https://support.apple.com/HT211295"],"published_time":"2020-10-16T17:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9933","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00216,"ranking_epss":0.44217,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211288","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://support.apple.com/HT211288","https://support.apple.com/HT211290","https://support.apple.com/HT211291"],"published_time":"2020-10-16T17:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9936","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00318,"ranking_epss":0.54896,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://support.apple.com/HT211293","https://support.apple.com/HT211294","https://support.apple.com/HT211295","https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://support.apple.com/HT211293","https://support.apple.com/HT211294","https://support.apple.com/HT211295"],"published_time":"2020-10-16T17:15:17","vendor":null,"product":null,"version":null}]}