| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-26764 |
787 |
|
Exec Code Mem. Corr. Bypass |
2022-05-26 |
2022-06-08 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. |
|
2 |
CVE-2022-26724 |
287 |
|
|
2022-05-26 |
2022-06-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication. |
|
3 |
CVE-2022-26703 |
862 |
|
|
2022-05-26 |
2022-06-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A person with physical access to an iOS device may be able to access photos from the lock screen. |
|
4 |
CVE-2022-26690 |
362 |
|
|
2022-05-26 |
2022-06-08 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Description: A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to modify protected parts of the file system. |
|
5 |
CVE-2022-22671 |
|
|
|
2022-03-18 |
2022-03-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen. |
|
6 |
CVE-2022-22656 |
287 |
|
|
2022-03-18 |
2022-11-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen. |
|
7 |
CVE-2022-22650 |
281 |
|
|
2022-03-18 |
2022-11-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data. |
|
8 |
CVE-2022-22648 |
|
|
|
2022-03-18 |
2022-11-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory. |
|
9 |
CVE-2022-22647 |
|
|
Bypass |
2022-03-18 |
2022-11-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window. |
|
10 |
CVE-2022-22622 |
668 |
|
|
2022-03-18 |
2022-03-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. |
|
11 |
CVE-2022-22621 |
200 |
|
+Info |
2022-03-18 |
2022-03-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. |
|
12 |
CVE-2022-22599 |
732 |
|
+Info |
2022-03-18 |
2022-03-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen. |
|
13 |
CVE-2022-22598 |
668 |
|
|
2022-03-18 |
2022-03-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 15.4 and iPadOS 15.4. An app may be able to learn information about the current camera view before being granted camera access. |
|
14 |
CVE-2022-22583 |
668 |
|
|
2022-03-18 |
2022-11-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files. |
|
15 |
CVE-2021-30987 |
863 |
|
|
2021-08-24 |
2021-12-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.1. A device may be passively tracked via BSSIDs. |
|
16 |
CVE-2021-30986 |
|
|
|
2021-08-24 |
2021-12-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A device configuration issue was addressed with an updated configuration. This issue is fixed in macOS Monterey 12.1. A device may be passively tracked by its Bluetooth MAC address. |
|
17 |
CVE-2021-30972 |
863 |
|
Bypass |
2021-08-24 |
2022-10-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-001 Catalina, macOS Big Sur 11.6.3. A malicious application may be able to bypass certain Privacy preferences. |
|
18 |
CVE-2021-30967 |
|
|
|
2021-08-24 |
2021-12-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A local attacker may be able to read sensitive information. |
|
19 |
CVE-2021-30956 |
|
|
|
2021-08-24 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker with physical access to a device may be able to see private contact information. |
|
20 |
CVE-2021-30948 |
522 |
|
|
2021-08-24 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access stored passwords without authentication. |
|
21 |
CVE-2021-30932 |
|
|
|
2021-08-24 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The issue was addressed with improved permissions logic. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access contacts from the lock screen. |
|
22 |
CVE-2021-30921 |
668 |
|
|
2021-08-24 |
2022-03-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible onscreen. |
|
23 |
CVE-2021-30920 |
732 |
|
|
2021-08-24 |
2021-11-01 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A permissions issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.0.1. A local attacker may be able to read sensitive information. |
|
24 |
CVE-2021-30918 |
|
|
|
2021-08-24 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A Lock Screen issue was addressed with improved state management. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.0.1 and iPadOS 15.0.1. A user may be able to view restricted content from the Lock Screen. |
|
25 |
CVE-2021-30915 |
|
|
|
2021-08-24 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A person with physical access to an iOS device may be able to determine characteristics of a user's password in a secure text entry field. |
|
26 |
CVE-2021-30898 |
668 |
|
|
2021-08-24 |
2022-03-25 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An access issue was addressed with additional sandbox restrictions on third party applications. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to access some of the user's Apple ID information, or recent in-app search terms. |
|
27 |
CVE-2021-30875 |
|
|
|
2021-08-24 |
2023-01-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1. A local attacker may be able to view contacts from the lock screen. |
|
28 |
CVE-2021-30871 |
|
|
|
2021-08-24 |
2021-11-01 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was addressed with a new entitlement. This issue is fixed in iOS 14.7, watchOS 7.6, macOS Big Sur 11.5. A local attacker may be able to access analytics data. |
|
29 |
CVE-2021-30816 |
|
|
|
2021-10-28 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to see private contact information. |
|
30 |
CVE-2021-30815 |
|
|
|
2021-10-19 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to view contacts from the lock screen. |
|
31 |
CVE-2021-30813 |
|
|
Bypass |
2021-10-28 |
2021-11-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. A person with access to a host Mac may be able to bypass the Login Window in Remote Desktop for a locked instance of macOS. |
|
32 |
CVE-2021-30811 |
|
|
|
2021-10-19 |
2022-02-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8. A local attacker may be able to read sensitive information. |
|
33 |
CVE-2021-30810 |
862 |
|
|
2021-10-19 |
2021-11-03 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup. |
|
34 |
CVE-2021-30783 |
|
|
|
2021-09-08 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A sandboxed process may be able to circumvent sandbox restrictions. |
|
35 |
CVE-2021-30767 |
|
|
|
2021-12-23 |
2022-01-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system. |
|
36 |
CVE-2021-30756 |
200 |
|
+Info |
2021-09-08 |
2021-09-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A local attacker may be able to view Now Playing information from the lock screen. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6. A privacy issue in Now Playing was addressed with improved permissions. |
|
37 |
CVE-2021-30738 |
|
|
|
2021-09-08 |
2021-09-22 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A malicious application may be able to overwrite arbitrary files. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Mojave. An issue with path validation logic for hardlinks was addressed with improved path sanitization. |
|
38 |
CVE-2021-30702 |
287 |
|
Bypass |
2021-09-08 |
2021-09-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A person with physical access to a Mac may be able to bypass Login Window. |
|
39 |
CVE-2021-30699 |
|
|
|
2021-09-08 |
2021-09-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A window management issue was addressed with improved state management. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be able to view restricted content from the lockscreen. |
|
40 |
CVE-2021-30697 |
|
|
+Info |
2021-09-08 |
2021-09-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local user may be able to leak sensitive user information. |
|
41 |
CVE-2021-30668 |
287 |
|
Bypass |
2021-09-08 |
2021-09-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4. A person with physical access to a Mac may be able to bypass Login Window during a software update. |
|
42 |
CVE-2021-30654 |
|
|
|
2021-09-08 |
2021-09-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information. |
|
43 |
CVE-2021-1863 |
287 |
|
|
2021-09-08 |
2021-09-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
An issue existed with authenticating the action triggered by an NFC tag. The issue was addressed with improved action authentication. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to place phone calls to any phone number. |
|
44 |
CVE-2021-1862 |
287 |
|
|
2021-09-08 |
2021-09-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Description: A person with physical access may be able to access contacts. This issue is fixed in iOS 14.5 and iPadOS 14.5. Impact: An issue with Siri search access to information was addressed with improved logic. |
|
45 |
CVE-2021-1848 |
|
|
|
2021-09-08 |
2021-09-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The issue was addressed with improved UI handling. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to view sensitive information in the app switcher. |
|
46 |
CVE-2021-1836 |
269 |
|
|
2021-09-08 |
2022-10-25 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, tvOS 14.5. A local user may be able to create or modify privileged files. |
|
47 |
CVE-2021-1835 |
862 |
|
|
2021-09-08 |
2021-09-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to access notes from the lock screen. |
|
48 |
CVE-2021-1822 |
|
|
|
2021-09-08 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system. |
|
49 |
CVE-2021-1815 |
22 |
|
Dir. Trav. |
2021-09-08 |
2022-10-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system. |
|
50 |
CVE-2021-1797 |
|
|
|
2021-04-02 |
2021-05-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files. |
