CVE-2024-23225

CVE-2024-23225 is a memory-corruption vulnerability in Apple’s kernel that could allow an attacker with local access and kernel read/write capabilities to bypass kernel memory protections. The issue is addressed by patches in iOS 16.7.6 / iPadOS 16.7.6 and iOS 17.4 / iPadOS 17.4. Apple’s advisory...

CVE-2024-23256

CVE-2024-23256 describes a logic issue affecting Apple iOS/iPadOS Safari Private Browsing (Locked Private Browsing). The connected documents confirm the vulnerability arises from improved state management, causing a user’s locked tabs to be briefly visible when switching tab groups while Locked P...

CVE-2024-23296

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. Recen...

CVE-2024-23225

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue...

Apple Security Update: iOS 15.8.2 and iPadOS 15.8.2

Apple recommends to install security update iOS 15.8.2 and iPadOS 15.8.2 on devices iPhone 6s all models, iPhone 7 all models, iPhone SE 1st generation, iPad Air 2, iPad mini 4th generation, and iPod touch 7th generation...

Apple Security Update: iOS 15.8.2 and iPadOS 15.8.2

Apple recommends to install security update iOS 15.8.2 and iPadOS 15.8.2 on devices iPhone 6s all models, iPhone 7 all models, iPhone SE 1st generation, iPad Air 2, iPad mini 4th generation, and iPod touch 7th generation...

About the security content of iOS 16.7.6 and iPadOS 16.7.6

About the security content of iOS 16.7.6 and iPadOS 16.7.6 This document describes the security content of iOS 16.7.6 and iPadOS 16.7.6. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...

About the security content of iOS 17.4 and iPadOS 17.4

About the security content of iOS 17.4 and iPadOS 17.4 This document describes the security content of iOS 17.4 and iPadOS 17.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

The vulnerability of the web page rendering module in WebKit operating systems for iOS, macOS, and iPadOS allows attackers to execute arbitrary code.

The vulnerability of the web page rendering module in WebKit operating systems for iOS, macOS, and iPadOS is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Researchers Detail Apple's Recent Zero-Click Shortcuts Vulnerability

Details have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitive information on the device without users' consent. The vulnerability, tracked as CVE-2024-23204 CVSS score: 7.5, was addressed by Apple on January 22, 2024...

CVE-2023-42946

This issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to leak sensitive user information...

CVE-2023-42951

The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user may be unable to delete browsing history items...

CVE-2023-42952

The issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. An app with root privileges may be able to access private information...

CVE-2023-42953

A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data...

CVE-2023-42878

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data...

CVE-2023-42928

The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. An app may be able to gain elevated privileges...

CVE-2023-42939

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user's private browsing activity may be unexpectedly saved in the App Privacy Report...

CVE-2023-42878

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data...

CVE-2023-42942

This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges...

CVE-2023-42942

This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges...