Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

ipados

Source -

ADPNVD

CNA CVEs -

0

ADP CVEs -

36

CISA CVEs -

0

NVD CVEs -

1604
Related CVEsRelated VendorsRelated AssignersReports
1608Vulnerabilities found
CVE-2025-43300
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-1.34% / 79.20%
||
7 Day CHG~0.00%
Published-21 Aug, 2025 | 00:27
Updated-26 Aug, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-09-11||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacosiOS and iPadOSmacOSiPadOSiOS, iPadOS, and macOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-43265
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4||MEDIUM
EPSS-0.01% / 1.79%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:54
Updated-01 Aug, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may disclose internal states of the app.

Action-Not Available
Vendor-Apple Inc.
Product-visionosiphone_osmacosipadostvoswatchossafariwatchOSmacOStvOSSafariiOS and iPadOSvisionOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-43216
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.61%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:36
Updated-31 Jul, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_oswatchostvosvisionosmacossafariwatchOSiPadOSmacOStvOSSafariiOS and iPadOSvisionOS
CWE ID-CWE-416
Use After Free
CVE-2025-43186
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.23%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:36
Updated-31 Jul, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, visionOS 2.6, macOS Ventura 13.7.7. Parsing a file may lead to an unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_oswatchostvosvisionosmacoswatchOSmacOStvOSiOS and iPadOSvisionOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-43217
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4||MEDIUM
EPSS-0.01% / 1.21%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:36
Updated-31 Jul, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6. Privacy Indicators for microphone or camera access may not be correctly displayed.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOSiPadOS
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2025-31276
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 7.72%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:35
Updated-31 Jul, 2025 | 21:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOSiPadOS
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2025-43230
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4||MEDIUM
EPSS-0.01% / 1.00%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:35
Updated-01 Aug, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with additional permissions checks. This issue is fixed in iPadOS 17.7.9, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osvisionosmacosipadostvoswatchoswatchOSiPadOSmacOStvOSiOS and iPadOSvisionOS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-43226
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4||MEDIUM
EPSS-0.01% / 1.79%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:35
Updated-31 Jul, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, visionOS 2.6. Processing a maliciously crafted image may result in disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_oswatchostvosvisionosmacoswatchOSiPadOSmacOStvOSiOS and iPadOSvisionOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-24224
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.15%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:35
Updated-31 Jul, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in tvOS 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.9, macOS Sequoia 15.5, watchOS 11.5, visionOS 2.5, macOS Ventura 13.7.7. A remote attacker may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_oswatchostvosvisionosmacoswatchOSiPadOSmacOStvOSiOS and iPadOSvisionOS
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-43227
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.91%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:35
Updated-31 Jul, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may disclose sensitive user information.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_oswatchostvosvisionosmacossafariwatchOSmacOStvOSSafariiOS and iPadOSvisionOS
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2025-43211
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 2.09%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:35
Updated-31 Jul, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing web content may lead to a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_oswatchostvosvisionosmacossafariwatchOSiPadOSmacOStvOSSafariiOS and iPadOSvisionOS
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-43212
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.61%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:35
Updated-31 Jul, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_oswatchostvosvisionosmacossafariwatchOSmacOStvOSSafariiOS and iPadOSvisionOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-43228
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 4.94%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:35
Updated-04 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved UI. This issue is fixed in iOS 18.6 and iPadOS 18.6, Safari 18. 6. Visiting a malicious website may lead to address bar spoofing.

Action-Not Available
Vendor-Apple Inc.
Product-safariiphone_osipadosSafariiOS and iPadOS
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2025-43224
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.12%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:35
Updated-31 Jul, 2025 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 2.6, tvOS 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_ostvosvisionosmacostvOSiOS and iPadOSvisionOSmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-43209
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 23.47%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:35
Updated-31 Jul, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sonoma 14.7.7, watchOS 11.6, visionOS 2.6, macOS Ventura 13.7.7. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_oswatchostvosvisionosmacoswatchOSiPadOSmacOStvOSiOS and iPadOSvisionOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-43234
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.01%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:35
Updated-01 Aug, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing a maliciously crafted texture may lead to unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osvisionosmacosipadostvoswatchoswatchOSmacOStvOSiOS and iPadOSvisionOS
CWE ID-CWE-20
Improper Input Validation
CVE-2025-43214
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.61%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:35
Updated-22 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_oswatchostvosvisionosmacossafariSafaritvOSmacOSwatchOSiOS and iPadOSvisionOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-31278
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.05% / 13.46%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:35
Updated-31 Jul, 2025 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iPadOS 17.7.9, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_oswatchostvosvisionosmacossafarivisionOSSafariiOS and iPadOSmacOSiPadOSwatchOStvOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-31277
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.05% / 13.46%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:29
Updated-31 Jul, 2025 | 21:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_oswatchostvosvisionosmacossafarivisionOSSafariiOS and iPadOSmacOSwatchOStvOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-43277
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.62%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:29
Updated-31 Jul, 2025 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, watchOS 11.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted audio file may lead to memory corruption.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_oswatchostvosvisionosmacosvisionOSiOS and iPadOSmacOSwatchOStvOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-43220
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 20.89%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:29
Updated-31 Jul, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosiPadOSmacOS
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-43221
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.12%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:29
Updated-31 Jul, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, visionOS 2.6, tvOS 18.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_ostvosvisionosmacosmacOSvisionOStvOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-31273
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.05% / 13.46%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:29
Updated-31 Jul, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to memory corruption.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_oswatchostvosvisionosmacossafarivisionOSSafariiOS and iPadOSmacOSwatchOStvOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-43225
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.18%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:29
Updated-31 Jul, 2025 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosiPadOSmacOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-31229
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 19.06%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:29
Updated-31 Jul, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may be read aloud by VoiceOver.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOS
CWE ID-CWE-261
Weak Encoding for Password
CVE-2025-43213
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.61%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:29
Updated-31 Jul, 2025 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_oswatchostvosvisionosmacossafarivisionOSSafariiOS and iPadOSmacOSwatchOStvOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-43222
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 19.03%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:29
Updated-31 Jul, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An attacker may be able to cause unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosiPadOSmacOS
CWE ID-CWE-416
Use After Free
CVE-2025-31279
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 13.34%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:29
Updated-31 Jul, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to fingerprint the user.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosiPadOSmacOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-31281
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.15% / 35.99%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:28
Updated-22 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation issue was addressed with improved memory handling. This issue is fixed in visionOS 2.6, tvOS 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6. Processing a maliciously crafted file may lead to unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_ostvosvisionosmacostvOSiOS and iPadOSvisionOSmacOS
CWE ID-CWE-20
Improper Input Validation
CVE-2025-43223
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.36%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:28
Updated-31 Jul, 2025 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.7, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, macOS Sonoma 14.7.7, watchOS 11.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. A non-privileged user may be able to modify restricted network settings.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_oswatchostvosvisionosmacoswatchOSiPadOSmacOStvOSiOS and iPadOSvisionOS
CWE ID-CWE-20
Improper Input Validation
CVE-2025-43200
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.14% / 34.25%
||
7 Day CHG+0.01%
Published-16 Jun, 2025 | 21:36
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-07-07||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosvisionosmacoswatchosiphone_oswatchOSiPadOSmacOSiOS and iPadOSvisionOSMultiple Products
CVE-2025-30466
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 7.04%
||
7 Day CHG~0.00%
Published-29 May, 2025 | 21:34
Updated-02 Jun, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. A website may be able to bypass Same Origin Policy.

Action-Not Available
Vendor-Apple Inc.
Product-visionosmacosipadosiphone_ossafariiOS and iPadOSmacOSSafarivisionOS
CWE ID-CWE-346
Origin Validation Error
CVE-2025-31199
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.61%
||
7 Day CHG~0.00%
Published-29 May, 2025 | 21:34
Updated-02 Jun, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosvisionosiphone_osmacosiOS and iPadOSmacOSvisionOS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-24184
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.76%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:00
Updated-28 May, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-tvosipadoswatchosiphone_osvisionosmacosiOS and iPadOSiPadOSmacOSwatchOSvisionOStvOS
CVE-2025-24189
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.03% / 6.74%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:00
Updated-28 May, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to memory corruption.

Action-Not Available
Vendor-Apple Inc.
Product-tvosipadossafariwatchosiphone_osvisionosmacosiOS and iPadOSmacOSwatchOSvisionOSSafaritvOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-31185
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.02% / 3.55%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:00
Updated-28 May, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osiOS and iPadOS
CVE-2025-31262
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.47%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:00
Updated-28 May, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-tvosipadoswatchosiphone_osvisionosmacosiOS and iPadOSmacOSwatchOSvisionOStvOS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-31220
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.44%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:43
Updated-27 May, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to read sensitive location information.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosiPadOSmacOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-24223
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8||HIGH
EPSS-0.03% / 8.21%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:43
Updated-27 May, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.

Action-Not Available
Vendor-Apple Inc.
Product-safarimacosiphone_osipadoswatchosvisionostvosmacOSvisionOStvOSwatchOSSafariiOS and iPadOS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31241
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.34%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:43
Updated-14 Aug, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosiphone_osipadoswatchosvisionostvoswatchOSiOS and iPadOSvisionOSmacOStvOSiPadOS
CWE ID-CWE-415
Double Free
CVE-2025-31257
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.08% / 24.96%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:43
Updated-27 May, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-safarimacosiphone_osipadoswatchosvisionostvosmacOSvisionOStvOSwatchOSSafariiOS and iPadOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-24111
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.10%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosiphone_osipadoswatchosvisionostvosmacOSvisionOStvOSiPadOSwatchOSiOS and iPadOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-31217
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.11%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-safarimacosiphone_osipadoswatchosvisionostvosmacOSvisionOStvOSiPadOSwatchOSSafariiOS and iPadOS
CWE ID-CWE-20
Improper Input Validation
CVE-2025-31221
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.64%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may be able to leak memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosiphone_osipadoswatchosvisionostvosmacOSvisionOStvOSiPadOSwatchOSiOS and iPadOS
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-31210
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.86%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved UI. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing web content may lead to a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiPadOSiOS and iPadOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-31206
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.40%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-safarimacosiphone_osipadoswatchosvisionostvosmacOSvisionOStvOSiPadOSwatchOSSafariiOS and iPadOS
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-31251
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.02%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosiphone_osipadoswatchosvisionostvosmacOSvisionOStvOSiPadOSwatchOSiOS and iPadOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-31226
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.85%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. Processing a maliciously crafted image may lead to a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-macosiphone_osipadoswatchosvisionostvosmacOSvisionOStvOSiPadOSwatchOSiOS and iPadOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-24225
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 9.55%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing an email may lead to user interface spoofing.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiPadOSiOS and iPadOS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-31227
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 4.55%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access a deleted call recording.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CWE ID-CWE-863
Incorrect Authorization
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 32
  • 33
  • Next