Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-44172

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-27 Jan, 2025 | 21:46
Updated At-02 Apr, 2026 | 18:23
Rejected At-
Credits

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access contacts.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:27 Jan, 2025 | 21:46
Updated At:02 Apr, 2026 | 18:23
Rejected At:
▼CVE Numbering Authority (CNA)

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access contacts.

Affected Products
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From 0 before 13.7.3 (custom)
  • From 0 before 14.7.3 (custom)
  • From 0 before 15 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AAn app may be able to access contacts
Type: N/A
CWE ID: N/A
Description: An app may be able to access contacts
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/121238
N/A
https://support.apple.com/en-us/122069
N/A
https://support.apple.com/en-us/122070
N/A
Hyperlink: https://support.apple.com/en-us/121238
Resource: N/A
Hyperlink: https://support.apple.com/en-us/122069
Resource: N/A
Hyperlink: https://support.apple.com/en-us/122070
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-863CWE-863 Incorrect Authorization
Type: CWE
CWE ID: CWE-863
Description: CWE-863 Incorrect Authorization
Metrics
VersionBase scoreBase severityVector
3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://seclists.org/fulldisclosure/2025/Jan/17
N/A
http://seclists.org/fulldisclosure/2025/Jan/16
N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Jan/17
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Jan/16
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:27 Jan, 2025 | 22:15
Updated At:02 Apr, 2026 | 19:18

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access contacts.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Secondary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Apple Inc.
apple
>>macos>>Versions before 13.7.3(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions from 14.0(inclusive) to 14.7.3(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-863Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-863
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.apple.com/en-us/121238product-security@apple.com
Release Notes
https://support.apple.com/en-us/122069product-security@apple.com
Release Notes
https://support.apple.com/en-us/122070product-security@apple.com
Release Notes
http://seclists.org/fulldisclosure/2025/Jan/16af854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2025/Jan/17af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://support.apple.com/en-us/121238
Source: product-security@apple.com
Resource:
Release Notes
Hyperlink: https://support.apple.com/en-us/122069
Source: product-security@apple.com
Resource:
Release Notes
Hyperlink: https://support.apple.com/en-us/122070
Source: product-security@apple.com
Resource:
Release Notes
Hyperlink: http://seclists.org/fulldisclosure/2025/Jan/16
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Jan/17
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

159Records found
CVE-2024-44287
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.91%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-44305
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 19.92%
||
7 Day CHG-0.00%
Published-20 Mar, 2025 | 23:53
Updated-02 Apr, 2026 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.6. An app may be able to gain root privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-44301
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.24%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-43197
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4||MEDIUM
EPSS-0.03% / 7.88%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:54
Updated-02 Apr, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-43307
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4||MEDIUM
EPSS-0.02% / 4.69%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 22:34
Updated-02 Apr, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-43387
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.68%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 01:17
Updated-02 Apr, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1. A malicious app may be able to gain root privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-43251
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.92%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:29
Updated-02 Apr, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.6. A local attacker may gain access to Keychain items.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-43336
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 1.80%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 01:16
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app with root privileges may be able to access private information.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-43230
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4||MEDIUM
EPSS-0.03% / 7.28%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:35
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with additional permissions checks. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSiPadOSwatchOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-44253
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.39%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:07
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-21274
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 18:25
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dreamweaver Desktop | Incorrect Authorization (CWE-863)

Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass security measures and execute unauthorized code. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-dreamweavermacoswindowsDreamweaver Desktop
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-20624
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.27%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 22:58
Updated-02 Apr, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-31254
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 13.77%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 22:34
Updated-02 Apr, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to unexpected URL redirection.

Action-Not Available
Vendor-Apple Inc.
Product-ipadossafariiphone_osSafariiOS and iPadOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-44162
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.78%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:23
Updated-02 Apr, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's Keychain items.

Action-Not Available
Vendor-Apple Inc.
Product-xcodeXcode
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-44136
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.30% / 53.54%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 19:35
Updated-02 Apr, 2026 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-30469
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-2.4||LOW
EPSS-0.10% / 27.48%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 22:22
Updated-02 Apr, 2026 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-24233
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.66% / 71.18%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 22:23
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to read or write to protected files.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-24121
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.01% / 2.16%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:46
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-24200
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.1||MEDIUM
EPSS-48.16% / 97.75%
||
7 Day CHG+0.87%
Published-10 Feb, 2025 | 19:04
Updated-03 Apr, 2026 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-03-05||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOSiPadOSiOS and iPadOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-24221
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.92%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 22:22
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved data access restriction. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, visionOS 2.4. Sensitive keychain data may be accessible from an iOS backup.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osvisionosipadosvisionOSiOS and iPadOSiPadOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-24114
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.17%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:46
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-23255
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.15% / 35.23%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:36
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authentication.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipad_osmacosmacOSiOS and iPadOSiosipadosmacos
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-44137
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.07% / 20.82%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An attacker with physical access may be able to share items from the lock screen.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-43459
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.03% / 7.62%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 01:16
Updated-02 Apr, 2026 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication issue was addressed with improved state management. This issue is fixed in watchOS 26.1. An attacker with physical access to a locked Apple Watch may be able to view Live Voicemail.

Action-Not Available
Vendor-Apple Inc.
Product-watchoswatchOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-40843
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.52%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-02 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-40770
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.25%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 23:22
Updated-02 Apr, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2024-40855
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 10.17%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2. A sandboxed app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSvisionOSmacos
CWE ID-CWE-863
Incorrect Authorization
CVE-2012-6094
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.69% / 71.77%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 14:07
Updated-06 Aug, 2024 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system

Action-Not Available
Vendor-cupsDebian GNU/LinuxApple Inc.
Product-cupsdebian_linuxcups
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-46704
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 24.65%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-11 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-27848
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.4||HIGH
EPSS-0.04% / 13.32%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 20:56
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved permissions checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. A malicious app may be able to gain root privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacosmacOSiOS and iPadOSiphone_osipad_osmacos
CWE ID-CWE-277
Insecure Inherited Permissions
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-27798
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.12%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 23:00
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An attacker may be able to elevate privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-23250
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 3.08%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:35
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access issue was addressed with improved access restrictions. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to access Bluetooth-connected microphones without user permission.

Action-Not Available
Vendor-Apple Inc.
Product-tvoswatchosipad_osmacosiphone_osmacOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-23262
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.23%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:36
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, visionOS 1.1. An app may be able to spoof system notifications and UI.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osvisionosipadosvisionOSiOS and iPadOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2016-4178
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.51% / 66.67%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-42788
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.10%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-05 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location information.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-43397
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.70%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 01:16
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-26767
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 31.61%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 19:22
Updated-30 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-24099
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.07% / 20.13%
||
7 Day CHG+0.02%
Published-30 Jan, 2025 | 16:32
Updated-02 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A local attacker may be able to elevate their privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-8512
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.17% / 38.38%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osiOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-30440
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.13%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to bypass ASLR.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-21186
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 62.77%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 17:46
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code.

Action-Not Available
Vendor-Google LLCApple Inc.Fedora ProjectDebian GNU/Linux
Product-chromeiphone_osdebian_linuxfedoraChrome
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-1854
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 42.77%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:45
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A call termination issue with was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A legacy cellular network can automatically answer an incoming call when an ongoing call ends or drops. .

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-3852
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 51.77%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 20:09
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved validation. This issue is fixed in Safari 13.0.5. A URL scheme may be incorrectly ignored when determining multimedia permission for a website.

Action-Not Available
Vendor-Apple Inc.
Product-safariSafari
CWE ID-CWE-863
Incorrect Authorization
CVE-2010-4296
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.07% / 19.99%
||
7 Day CHG~0.00%
Published-06 Dec, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files.

Action-Not Available
Vendor-n/aApple Inc.VMware (Broadcom Inc.)Linux Kernel Organization, Inc
Product-playermac_os_xserverfusionlinux_kernelworkstationn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-35990
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.05% / 14.08%
||
7 Day CHG+0.01%
Published-26 Sep, 2023 | 20:14
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacoswatchoswatchOSiOS and iPadOSmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-27954
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.33%
||
7 Day CHG-0.04%
Published-08 May, 2023 | 00:00
Updated-29 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.

Action-Not Available
Vendor-Debian GNU/LinuxApple Inc.
Product-ipadostvosiphone_ossafariwatchosmacosdebian_linuxwatchOSmacOSiOS and iPadOSSafaritvOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-5199
Matching Score-6
Assigner-Canonical Ltd.
ShareView Details
Matching Score-6
Assigner-Canonical Ltd.
CVSS Score-7.3||HIGH
EPSS-0.04% / 13.37%
||
7 Day CHG+0.03%
Published-11 Jul, 2025 | 23:21
Updated-26 Aug, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LPE on Multipass for macOS

In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup.

Action-Not Available
Vendor-Apple Inc.Canonical Ltd.
Product-multipassmacosMultipass
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-23538
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 10.45%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 00:00
Updated-29 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-31227
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.14% / 33.98%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-02 Apr, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access a deleted call recording.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-9712
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.36% / 58.22%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 13:55
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-863
Incorrect Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found