Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

tvOS

Source -

CNA

CNA CVEs -

955

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
955Vulnerabilities found
CVE-2025-24179
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.02% / 2.44%
||
7 Day CHG~0.00%
Published-29 Apr, 2025 | 02:05
Updated-30 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, visionOS 2.3, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Sequoia 15.3, tvOS 18.3. An attacker on the local network may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacostvosipadosvisionosvisionOSiPadOStvOSiOS and iPadOSmacOS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-24270
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG+0.01%
Published-29 Apr, 2025 | 02:05
Updated-30 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to leak sensitive user information.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacostvosipadosvisionosvisionOSiPadOStvOSiOS and iPadOSmacOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-24271
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.32%
||
7 Day CHG-0.01%
Published-29 Apr, 2025 | 02:05
Updated-30 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without pairing.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacostvosipadosvisionosvisionOSiPadOStvOSiOS and iPadOSmacOS
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-24206
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.7||HIGH
EPSS-0.03% / 8.26%
||
7 Day CHG~0.00%
Published-29 Apr, 2025 | 02:05
Updated-27 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy.

Action-Not Available
Vendor-Apple Inc.
Product-tvosipadosiphone_osmacosvisionosiOS and iPadOSmacOSvisionOStvOSiPadOS
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-24251
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 5.86%
||
7 Day CHG-0.03%
Published-29 Apr, 2025 | 02:05
Updated-30 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-watchosiphone_osmacostvosipadosvisionosvisionOSwatchOSiPadOStvOSiOS and iPadOSmacOS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-31202
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.61%
||
7 Day CHG+0.01%
Published-29 Apr, 2025 | 02:05
Updated-05 May, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-macosipadostvosiphone_osvisionostvOSvisionOSmacOSiOS and iPadOS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-31203
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 4.55%
||
7 Day CHG-0.03%
Published-29 Apr, 2025 | 02:05
Updated-05 May, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-macoswatchosipadostvosiphone_osvisionosvisionOSwatchOSiPadOStvOSiOS and iPadOSmacOS
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-30445
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 10.57%
||
7 Day CHG-0.01%
Published-29 Apr, 2025 | 02:05
Updated-05 May, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosipadostvosiphone_osvisionosvisionOSiPadOStvOSiOS and iPadOSmacOS
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-31200
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.29% / 52.36%
||
7 Day CHG+0.04%
Published-16 Apr, 2025 | 18:24
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-05-08||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

Action-Not Available
Vendor-Apple Inc.
Product-macosvisionostvosiphone_osipadosiOS iOS and iPadOSvisionOSmacOStvOSMultiple Products
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-31201
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.19% / 41.11%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 18:24
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-05-08||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

Action-Not Available
Vendor-Apple Inc.
Product-macosvisionostvosiphone_osipadosiOS iOS and iPadOSvisionOSmacOStvOSMultiple Products
CVE-2023-42970
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.26%
||
7 Day CHG~0.00%
Published-11 Apr, 2025 | 14:53
Updated-29 Apr, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-ipadossafarimacostvoswatchosiphone_osSafarimacOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-416
Use After Free
CVE-2023-42875
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.3||HIGH
EPSS-0.06% / 19.97%
||
7 Day CHG~0.00%
Published-11 Apr, 2025 | 14:53
Updated-25 Apr, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.

Action-Not Available
Vendor-Apple Inc.
Product-watchossafarimacostvosipadosiphone_osSafarimacOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-30427
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.10%
||
7 Day CHG-0.06%
Published-31 Mar, 2025 | 22:24
Updated-07 Apr, 2025 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-tvossafarimacosvisionosipadosiphone_osiOS and iPadOStvOSiPadOSSafarivisionOSmacOS
CWE ID-CWE-416
Use After Free
CVE-2025-31191
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.80%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:24
Updated-10 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosmacostvosiOS and iPadOSmacOStvOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-24238
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 17.40%
||
7 Day CHG-0.04%
Published-31 Mar, 2025 | 22:24
Updated-04 Apr, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_ostvosmacostvOSiOS and iPadOSmacOS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-30447
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.91%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:24
Updated-07 Apr, 2025 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was resolved by sanitizing logging This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacosvisionosipadosiphone_osmacOStvOSiPadOSiOS and iPadOSvisionOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-24214
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.95%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:24
Updated-07 Apr, 2025 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privacy issue was addressed by not logging contents of text fields. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacosvisionosipadosiphone_ostvOSiOS and iPadOSvisionOSmacOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-24097
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-0.01% / 0.42%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:24
Updated-04 Apr, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to read arbitrary file metadata.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_ostvosmacosiOS and iPadOSmacOStvOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-24243
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.79%
||
7 Day CHG-0.02%
Published-31 Mar, 2025 | 22:23
Updated-04 Apr, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted file may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-visionosiphone_ostvosmacosipadosmacOStvOSiPadOSvisionOSiOS and iPadOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-30426
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 18.38%
||
7 Day CHG-0.03%
Published-31 Mar, 2025 | 22:23
Updated-07 Apr, 2025 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to enumerate a user's installed apps.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacosvisionosipadosiphone_osmacOStvOSiPadOSiOS and iPadOSvisionOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-30471
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.77%
||
7 Day CHG-0.10%
Published-31 Mar, 2025 | 22:23
Updated-04 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote user may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-visionosiphone_ostvosmacosipadosmacOSvisionOStvOSiOS and iPadOSiPadOS
CWE ID-CWE-20
Improper Input Validation
CVE-2025-24182
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.90%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:23
Updated-07 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. Processing a maliciously crafted font may result in the disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosvisionosiphone_ostvOSiOS and iPadOSvisionOSmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-24244
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.91%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:23
Updated-07 Apr, 2025 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted font may result in the disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosiphone_ostvostvOSiPadOSiOS and iPadOSmacOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-24213
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.35%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:23
Updated-13 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.5, Safari 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, watchOS 11.5, visionOS 2.5. A type confusion issue could lead to memory corruption.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosiphone_ostvossafarimacOSvisionOStvOSiPadOSwatchOSSafariiOS and iPadOS
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-24194
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 5.84%
||
7 Day CHG-0.03%
Published-31 Mar, 2025 | 22:23
Updated-07 Apr, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may result in the disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacosvisionosipadosiphone_ostvOSiOS and iPadOSmacOSvisionOS
CVE-2025-24209
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7||HIGH
EPSS-0.06% / 19.78%
||
7 Day CHG-0.07%
Published-31 Mar, 2025 | 22:23
Updated-07 Apr, 2025 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-tvossafarimacosipadosiphone_osmacOStvOSSafariiPadOSiOS and iPadOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-24264
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 24.32%
||
7 Day CHG-0.05%
Published-31 Mar, 2025 | 22:23
Updated-04 Apr, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-visionosiphone_ostvosmacosipadossafariiOS and iPadOStvOSiPadOSSafarivisionOSmacOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-24212
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 2.15%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:23
Updated-07 Apr, 2025 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacosvisionosipadosiphone_osmacOSvisionOStvOSiOS and iPadOSiPadOS
CVE-2025-31183
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 15.48%
||
7 Day CHG-0.04%
Published-31 Mar, 2025 | 22:23
Updated-04 Apr, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_ostvosmacosiOS and iPadOSmacOStvOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-30454
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.90%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:23
Updated-07 Apr, 2025 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. A malicious app may be able to access private information.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosiphone_ostvosiOS and iPadOSmacOStvOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-24211
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 18.74%
||
7 Day CHG-0.04%
Published-31 Mar, 2025 | 22:23
Updated-07 Apr, 2025 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacosvisionosipadosiphone_osmacOStvOSiPadOSvisionOSiOS and iPadOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-24230
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 18.74%
||
7 Day CHG-0.04%
Published-31 Mar, 2025 | 22:23
Updated-07 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Playing a malicious audio file may lead to an unexpected app termination.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacosvisionosipadosiphone_osmacOSvisionOStvOSiOS and iPadOSiPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-30438
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.81%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:23
Updated-28 Aug, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started.

Action-Not Available
Vendor-Apple Inc.
Product-visionostvoswatchosiphone_osmacosipadostvOSmacOSiOS and iPadOSvisionOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-24210
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.59%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:22
Updated-07 Apr, 2025 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic error was addressed with improved error handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Parsing an image may lead to disclosure of user information.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacosvisionosipadosiphone_osmacOStvOSiPadOSvisionOSiOS and iPadOS
CWE ID-CWE-783
Operator Precedence Logic Error
CVE-2025-24178
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 17.05%
||
7 Day CHG-0.04%
Published-31 Mar, 2025 | 22:22
Updated-04 Apr, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_ostvosmacostvOSiOS and iPadOSiPadOSmacOS
CVE-2025-31182
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 21.68%
||
7 Day CHG-0.07%
Published-31 Mar, 2025 | 22:22
Updated-04 Apr, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved handling of symlinks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to delete files for which it does not have permission.

Action-Not Available
Vendor-Apple Inc.
Product-visionosiphone_ostvosmacosipadostvOSiOS and iPadOSvisionOSmacOS
CWE ID-CWE-862
Missing Authorization
CVE-2025-30425
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.38%
||
7 Day CHG-0.03%
Published-31 Mar, 2025 | 22:22
Updated-07 Apr, 2025 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to track users in Safari private browsing mode.

Action-Not Available
Vendor-Apple Inc.
Product-tvossafarimacosipadosiphone_osmacOStvOSiOS and iPadOSiPadOSSafari
CWE ID-CWE-284
Improper Access Control
CVE-2025-24173
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.59%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:22
Updated-04 Apr, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-visionosiphone_ostvosmacosipadosmacOSvisionOStvOSiOS and iPadOSiPadOS
CWE ID-CWE-284
Improper Access Control
CVE-2025-24190
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 18.74%
||
7 Day CHG-0.04%
Published-31 Mar, 2025 | 22:22
Updated-07 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacosvisionosipadosiphone_osmacOStvOSiPadOSvisionOSiOS and iPadOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-30429
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 2.15%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:22
Updated-07 Apr, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path handling issue was addressed with improved validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacosvisionosipadosiphone_osmacOSvisionOStvOSiOS and iPadOSiPadOS
CVE-2025-24217
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.37%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 22:22
Updated-07 Apr, 2025 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosiphone_ostvostvOSiOS and iPadOSmacOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-24216
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 13.95%
||
7 Day CHG-0.05%
Published-31 Mar, 2025 | 22:22
Updated-07 Apr, 2025 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Action-Not Available
Vendor-Apple Inc.
Product-tvossafarimacosvisionosipadosiphone_osiOS and iPadOSSafaritvOSvisionOSiPadOSmacOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-508
Non-Replicating Malicious Code
CVE-2025-30432
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 11.00%
||
7 Day CHG-0.05%
Published-31 Mar, 2025 | 22:22
Updated-07 Apr, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sonoma 14.7.5. A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacosvisionosipadosiphone_osiOS and iPadOStvOSvisionOSiPadOSmacOS
CWE ID-CWE-287
Improper Authentication
CVE-2024-54551
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.65%
||
7 Day CHG+0.07%
Published-20 Mar, 2025 | 23:53
Updated-24 Mar, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-watchostvosipadossafarivisionosmacosiphone_ostvOSiOS and iPadOSvisionOSmacOSSafariwatchOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-54525
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.47% / 63.71%
||
7 Day CHG+0.17%
Published-17 Mar, 2025 | 19:38
Updated-24 Mar, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved file handling. This issue is fixed in visionOS 2.2, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.

Action-Not Available
Vendor-Apple Inc.
Product-watchostvosipadosvisionosmacosiphone_ostvOSiOS and iPadOSvisionOSmacOSwatchOS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-43454
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.51%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 19:37
Updated-24 Mar, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-watchostvosipadosmacosiphone_oswatchOSmacOStvOSiOS and iPadOS
CWE ID-CWE-415
Double Free
CVE-2024-54467
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.74%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 19:11
Updated-14 Mar, 2025 | 11:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacosiphone_ossafariipadoswatchosvisionOSSafariwatchOSmacOStvOSiOS and iPadOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-54560
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.51%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 19:11
Updated-14 Mar, 2025 | 11:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be able to modify other apps without having App Management permission.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacosiphone_osipadoswatchoswatchOSmacOStvOSiOS and iPadOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-44192
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.73%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 19:11
Updated-14 Mar, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacossafariiphone_osvisionoswatchosvisionOSSafariwatchOSmacOStvOSiOS and iPadOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-27859
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.66%
||
7 Day CHG~0.00%
Published-10 Feb, 2025 | 18:09
Updated-15 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacosiphone_osvisionosipadoswatchosvisionOSwatchOSmacOStvOSiOS and iPadOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-54658
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.61%
||
7 Day CHG~0.00%
Published-10 Feb, 2025 | 18:09
Updated-19 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-watchosiphone_osmacostvosvisionossafariipadosmacOSSafariiOS and iPadOStvOSvisionOSwatchOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 19
  • 20
  • Next