| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-22673 |
|
|
DoS |
2022-05-26 |
2022-06-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service. |
|
2 |
CVE-2022-22653 |
20 |
|
|
2022-03-18 |
2022-03-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices. |
|
3 |
CVE-2022-22643 |
|
|
|
2022-03-18 |
2022-03-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so. |
|
4 |
CVE-2022-22609 |
|
|
|
2022-03-18 |
2022-03-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings. |
|
5 |
CVE-2022-22585 |
59 |
|
|
2022-03-18 |
2022-03-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files. |
|
6 |
CVE-2021-31010 |
502 |
|
|
2021-08-24 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release.. |
|
7 |
CVE-2021-31005 |
|
|
|
2021-08-24 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, macOS Monterey 12.0.1. Turning off "Block all remote content" may not apply to all remote content types. |
|
8 |
CVE-2021-30998 |
295 |
|
|
2021-08-24 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A S/MIME issue existed in the handling of encrypted email. This issue was addressed with improved selection of the encryption certificate. This issue is fixed in iOS 15.2 and iPadOS 15.2. A sender's email address may be leaked when sending an S/MIME encrypted email using a certificate with more than one email address. |
|
9 |
CVE-2021-30997 |
312 |
|
|
2021-08-24 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A S/MIME issue existed in the handling of encrypted email. This issue was addressed by not automatically loading some MIME parts. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker may be able to recover plaintext contents of an S/MIME-encrypted e-mail. |
|
10 |
CVE-2021-30995 |
362 |
|
|
2021-08-24 |
2022-02-21 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to elevate privileges. |
|
11 |
CVE-2021-30984 |
362 |
|
Exec Code |
2021-08-24 |
2022-02-19 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
12 |
CVE-2021-30966 |
668 |
|
|
2021-08-24 |
2021-12-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly be leaked to a proxy server despite PAC configurations. |
|
13 |
CVE-2021-30882 |
|
|
|
2021-08-24 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved validation. This issue is fixed in watchOS 8, iOS 15 and iPadOS 15. An application with microphone permission may unexpectedly access microphone input during a FaceTime call. |
|
14 |
CVE-2021-30874 |
862 |
|
|
2021-08-24 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A VPN configuration may be installed by an app without user permission. |
|
15 |
CVE-2021-30854 |
|
|
|
2021-08-24 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A sandboxed process may be able to circumvent sandbox restrictions. |
|
16 |
CVE-2021-30826 |
|
|
|
2021-10-19 |
2022-03-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and ciphering protection. |
|
17 |
CVE-2021-30800 |
|
|
DoS Exec Code |
2021-09-08 |
2021-09-21 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
This issue was addressed with improved checks. This issue is fixed in iOS 14.7. Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution. |
|
18 |
CVE-2021-30788 |
|
|
|
2021-09-08 |
2021-09-15 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents. |
|
19 |
CVE-2021-30786 |
362 |
|
Exec Code |
2021-09-08 |
2021-09-21 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. |
|
20 |
CVE-2021-30741 |
416 |
|
|
2021-09-08 |
2023-01-09 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. |
|
21 |
CVE-2021-30729 |
|
|
|
2021-09-08 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.6 and iPadOS 14.6. A device may accept invalid activation results. |
|
22 |
CVE-2021-30720 |
287 |
|
|
2021-09-08 |
2023-01-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. |
|
23 |
CVE-2021-30715 |
|
|
DoS |
2021-09-08 |
2021-09-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service. |
|
24 |
CVE-2021-30710 |
787 |
|
DoS Mem. Corr. |
2021-09-08 |
2021-09-16 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents. |
|
25 |
CVE-2021-30698 |
476 |
|
DoS |
2021-09-08 |
2021-09-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service. |
|
26 |
CVE-2021-1849 |
347 |
|
Bypass |
2021-09-08 |
2021-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to bypass Privacy preferences. |
|
27 |
CVE-2021-1809 |
125 |
|
Mem. Corr. |
2021-09-08 |
2021-09-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory. |
|
28 |
CVE-2021-1808 |
125 |
|
Mem. Corr. |
2021-09-08 |
2021-09-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory. |
|
29 |
CVE-2021-1764 |
416 |
|
DoS |
2021-04-02 |
2021-04-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service. |
|
30 |
CVE-2021-1761 |
|
|
DoS |
2021-04-02 |
2021-04-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service. |
|
31 |
CVE-2020-9994 |
|
|
|
2020-10-22 |
2020-10-26 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files. |
|
32 |
CVE-2020-9991 |
|
|
DoS |
2020-12-08 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service. |
|
33 |
CVE-2020-9952 |
79 |
|
XSS |
2020-10-16 |
2023-01-09 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack. |
|
34 |
CVE-2020-9941 |
|
|
|
2020-10-27 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. A remote attacker may be able to unexpectedly alter application state. |
|
35 |
CVE-2020-9931 |
20 |
|
DoS |
2020-10-16 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination. |
|
36 |
CVE-2020-9917 |
|
|
DoS |
2020-10-16 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service. |
|
37 |
CVE-2020-9916 |
|
|
|
2020-10-16 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL. |
|
38 |
CVE-2020-9914 |
20 |
|
DoS |
2020-10-16 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets. |
|
39 |
CVE-2020-9911 |
|
|
Bypass |
2020-10-16 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy. |
|
40 |
CVE-2020-9905 |
120 |
|
DoS Overflow |
2020-10-22 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service. |
|
41 |
CVE-2020-9903 |
346 |
|
|
2020-10-16 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain. |
|
42 |
CVE-2020-9843 |
79 |
|
XSS |
2020-06-09 |
2023-01-09 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. |
|
43 |
CVE-2020-9842 |
|
|
|
2020-06-09 |
2023-01-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions. |
|
44 |
CVE-2020-9839 |
362 |
|
+Priv |
2020-06-09 |
2023-01-09 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges. |
|
45 |
CVE-2020-9837 |
125 |
|
|
2020-06-09 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory. |
|
46 |
CVE-2020-9835 |
|
|
|
2020-06-09 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 13.5 and iPadOS 13.5. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing. |
|
47 |
CVE-2020-9827 |
|
|
DoS |
2020-06-09 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service. |
|
48 |
CVE-2020-9826 |
20 |
|
DoS |
2020-06-09 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service. |
|
49 |
CVE-2020-9823 |
|
|
|
2020-06-09 |
2023-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5. Users removed from an iMessage conversation may still be able to alter state. |
|
50 |
CVE-2020-9820 |
|
|
|
2020-06-09 |
2020-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to modify the file system. |
