Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-0258

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-08 Mar, 2024 | 01:36
Updated At-17 Mar, 2025 | 15:10
Rejected At-
Credits

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:08 Mar, 2024 | 01:36
Updated At:17 Mar, 2025 | 15:10
Rejected At:
▼CVE Numbering Authority (CNA)

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

Affected Products
Vendor
Apple Inc.Apple
Product
tvOS
Versions
Affected
  • From unspecified before 17.4 (custom)
Vendor
Apple Inc.Apple
Product
iOS and iPadOS
Versions
Affected
  • From unspecified before 17.4 (custom)
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From unspecified before 14.4 (custom)
Vendor
Apple Inc.Apple
Product
watchOS
Versions
Affected
  • From unspecified before 10.4 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AAn app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
Type: N/A
CWE ID: N/A
Description: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT214086
N/A
https://support.apple.com/en-us/HT214081
N/A
https://support.apple.com/en-us/HT214084
N/A
https://support.apple.com/en-us/HT214088
N/A
http://seclists.org/fulldisclosure/2024/Mar/21
N/A
http://seclists.org/fulldisclosure/2024/Mar/25
N/A
http://seclists.org/fulldisclosure/2024/Mar/24
N/A
Hyperlink: https://support.apple.com/en-us/HT214086
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT214081
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT214084
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT214088
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/21
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/25
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/24
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT214086
x_transferred
https://support.apple.com/en-us/HT214081
x_transferred
https://support.apple.com/en-us/HT214084
x_transferred
https://support.apple.com/en-us/HT214088
x_transferred
http://seclists.org/fulldisclosure/2024/Mar/21
x_transferred
http://seclists.org/fulldisclosure/2024/Mar/25
x_transferred
http://seclists.org/fulldisclosure/2024/Mar/24
x_transferred
Hyperlink: https://support.apple.com/en-us/HT214086
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT214081
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT214084
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT214088
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/21
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/25
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/24
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Apple Inc.apple
Product
tvos
CPEs
  • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 17.4 (custom)
Vendor
Apple Inc.apple
Product
macos
CPEs
  • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 14.4 (custom)
Vendor
Apple Inc.apple
Product
watchos
CPEs
  • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 10.4 (custom)
Vendor
Apple Inc.apple
Product
iphone_os
CPEs
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 17.4 (custom)
Vendor
Apple Inc.apple
Product
ipad_os
CPEs
  • cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 17.4 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284 Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284 Improper Access Control
Metrics
VersionBase scoreBase severityVector
3.18.2HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:08 Mar, 2024 | 02:15
Updated At:17 Mar, 2025 | 16:15

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.6HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Secondary3.18.2HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Apple Inc.
apple
>>ipad_os>>Versions before 17.4(exclusive)
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions before 17.4(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions from 14.0(inclusive) to 14.4(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>tvos>>Versions before 17.4(exclusive)
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>watchos>>Versions before 10.4(exclusive)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-284Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2024/Mar/21product-security@apple.com
Mailing List
http://seclists.org/fulldisclosure/2024/Mar/24product-security@apple.com
Mailing List
http://seclists.org/fulldisclosure/2024/Mar/25product-security@apple.com
Mailing List
https://support.apple.com/en-us/HT214081product-security@apple.com
Vendor Advisory
https://support.apple.com/en-us/HT214084product-security@apple.com
Vendor Advisory
https://support.apple.com/en-us/HT214086product-security@apple.com
Vendor Advisory
https://support.apple.com/en-us/HT214088product-security@apple.com
Vendor Advisory
http://seclists.org/fulldisclosure/2024/Mar/21af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://seclists.org/fulldisclosure/2024/Mar/24af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://seclists.org/fulldisclosure/2024/Mar/25af854a3a-2127-422b-91ae-364da2661108
Mailing List
https://support.apple.com/en-us/HT214081af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://support.apple.com/en-us/HT214084af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://support.apple.com/en-us/HT214086af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://support.apple.com/en-us/HT214088af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/21
Source: product-security@apple.com
Resource:
Mailing List
Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/24
Source: product-security@apple.com
Resource:
Mailing List
Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/25
Source: product-security@apple.com
Resource:
Mailing List
Hyperlink: https://support.apple.com/en-us/HT214081
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT214084
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT214086
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT214088
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/21
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/24
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://seclists.org/fulldisclosure/2024/Mar/25
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: https://support.apple.com/en-us/HT214081
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT214084
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT214086
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT214088
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

188Records found
CVE-2022-32945
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.80%
||
7 Day CHG~0.00%
Published-15 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosiphone_osmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2022-32789
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.87%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:59
Updated-22 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to bypass Privacy preferences.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2022-32904
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.98%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2022-32880
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.21%
||
7 Day CHG~0.00%
Published-20 Sep, 2022 | 20:19
Updated-28 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.5. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2022-32902
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.71%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-11 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2022-32783
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 28.41%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:58
Updated-22 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An app may gain unauthorized access to Bluetooth.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2022-32834
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 20.30%
||
7 Day CHG+0.02%
Published-24 Aug, 2022 | 19:46
Updated-29 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.

Action-Not Available
Vendor-Apple Inc.
Product-macosmac_os_xmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2022-42816
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.24%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 22:03
Updated-20 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2016-1041
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-10||CRITICAL
EPSS-8.67% / 92.08%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1040
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-8.28% / 91.89%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1039
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-8.67% / 92.08%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1038
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-10||CRITICAL
EPSS-5.58% / 89.93%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1042
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-8.67% / 92.08%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1044
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-10||CRITICAL
EPSS-6.12% / 90.42%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1062, and CVE-2016-1117.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-5913
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.45% / 62.58%
||
7 Day CHG~0.00%
Published-09 Oct, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-5861
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 17.57%
||
7 Day CHG~0.00%
Published-18 Sep, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-5826
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.66% / 70.27%
||
7 Day CHG~0.00%
Published-18 Sep, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-safariiphone_osn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-31258
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 1.97%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-30462
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 14.08%
||
7 Day CHG-0.03%
Published-31 Mar, 2025 | 22:23
Updated-04 Apr, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Apps that appear to use App Sandbox may be able to launch without restrictions.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-31260
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.70%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2015-5116
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-27.66% / 96.25%
||
7 Day CHG~0.00%
Published-09 Jul, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, and CVE-2015-3125.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-31247
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.87%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An attacker may gain access to protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-30460
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.4||HIGH
EPSS-0.03% / 6.29%
||
7 Day CHG-0.03%
Published-31 Mar, 2025 | 22:23
Updated-04 Apr, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-31195
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 2.48%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-31187
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.48%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:24
Updated-04 Apr, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-31212
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.04%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosiphone_osipadoswatchosvisionostvosmacOSvisionOStvOSwatchOSiOS and iPadOS
CWE ID-CWE-284
Improper Access Control
CVE-2015-3064
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-3.03% / 86.11%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-3066
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-3.03% / 86.11%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-3071
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-3.03% / 86.11%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-3114
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-0.43% / 61.40%
||
7 Day CHG~0.00%
Published-09 Jul, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-3116
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-0.35% / 56.88%
||
7 Day CHG~0.00%
Published-09 Jul, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3125, and CVE-2015-5116.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-3757
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-2.1||LOW
EPSS-0.05% / 15.22%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-30450
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.81%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:24
Updated-07 Apr, 2025 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2015-3125
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-0.35% / 56.88%
||
7 Day CHG~0.00%
Published-09 Jul, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, and CVE-2015-5116.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-31232
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.70%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A sandboxed app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2015-3148
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.44% / 79.92%
||
7 Day CHG~0.00%
Published-24 Apr, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

Action-Not Available
Vendor-n/aopenSUSEFedora ProjectApple Inc.Debian GNU/LinuxHP Inc.Canonical Ltd.CURL
Product-libcurlsystem_management_homepagefedoraopensuseubuntu_linuxcurldebian_linuxmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-30433
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 18.93%
||
7 Day CHG-0.03%
Published-31 Mar, 2025 | 22:22
Updated-07 Apr, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosvisionosiphone_osiPadOSiOS and iPadOSmacOSvisionOS
CWE ID-CWE-284
Improper Access Control
CVE-2014-8827
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 18.31%
||
7 Day CHG~0.00%
Published-30 Jan, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-30425
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.71%
||
7 Day CHG-0.03%
Published-31 Mar, 2025 | 22:22
Updated-07 Apr, 2025 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to track users in Safari private browsing mode.

Action-Not Available
Vendor-Apple Inc.
Product-tvossafarimacosipadosiphone_osmacOStvOSiOS and iPadOSiPadOSSafari
CWE ID-CWE-284
Improper Access Control
CVE-2025-30436
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.07% / 21.59%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-24272
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 7.06%
||
7 Day CHG-0.03%
Published-31 Mar, 2025 | 22:23
Updated-07 Apr, 2025 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-24248
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-0.02% / 2.23%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:23
Updated-04 Apr, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to enumerate devices that have signed into the user's Apple Account.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-24229
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.4||HIGH
EPSS-0.03% / 5.49%
||
7 Day CHG-0.03%
Published-31 Mar, 2025 | 22:23
Updated-07 Apr, 2025 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A sandboxed app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-24202
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.76%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:24
Updated-07 Apr, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosiphone_osiOS and iPadOSmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-24193
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-2.4||LOW
EPSS-0.02% / 2.53%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:24
Updated-07 Apr, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker with a USB-C connection to an unlocked device may be able to programmatically access photos.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-24241
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 15.77%
||
7 Day CHG-0.03%
Published-31 Mar, 2025 | 22:22
Updated-04 Apr, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to trick a user into copying sensitive data to the pasteboard.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-24173
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.64%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:22
Updated-04 Apr, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-visionosiphone_ostvosmacosipadosmacOSvisionOStvOSiOS and iPadOSiPadOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-24236
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.49%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:22
Updated-04 Apr, 2025 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-24218
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.03%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:23
Updated-07 Apr, 2025 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. An app may be able to access information about a user's contacts.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-24215
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.02%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:24
Updated-07 Apr, 2025 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access private information.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosmacOSiPadOS
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found