Lucene search: Apple iPadOS

89 matches found

added 2024/02/21 6:41 a.m., 6957 views

CVE-2023-42836

CVE-2023-42836 is a logic-issue vulnerability in Apple OSes (iOS/iPadOS/macOS) where an attacker could access connected network volumes mounted in the user’s home directory. The issue is addressed with improved checks and is fixed in iOS 17.1/iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, ...

CVSS 5.3, AI score 5.2, EPSS 0.00534

added 2024/02/21 6:41 a.m., 6902 views

CVE-2023-42952

CVE-2023-42952 affects Apple platforms (iOS, iPadOS, macOS) where an app with root privileges may access private information. The issue is addressed with improved checks and is fixed in iOS/iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, and macOS Monterey 12.7.1. Connected sources also ref...

CVSS 4.4, AI score 6.7, EPSS 0.00183

added 2024/02/21 6:40 a.m., 6856 views

CVE-2023-42939

CVE-2023-42939 is a WebKit logic issue in iOS/iPadOS that may cause a user’s private browsing activity to be saved in the App Privacy Report. It is fixed in iOS 17.1 and iPadOS 17.1; no exploits or attack vectors are detailed in the provided documents.

CVSS 3.3, AI score 5.5, EPSS 0.00173

added 2024/02/21 6:41 a.m., 6618 views

CVE-2023-42839

CVE-2023-42839 pertains to an Apple-wide issue fixed by improved state management. Affected products/environments include tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1. The vulnerability potentially allowed an app to access sensitive user data. Remediation is OS updates to...

CVSS 6.2, AI score 7, EPSS 0.00197

added 2024/02/21 6:41 a.m., 6608 views

CVE-2023-42878

CVE-2023-42878 is a privacy issue affecting Apple platforms (watchOS, macOS, iOS, iPadOS). The root problem is insufficient private data redaction in log entries, enabling an app to access sensitive user data. It is fixed in watchOS 10.1, macOS Sonoma 14.1, and iOS 17.1 / iPadOS 17.1. No exploita...

CVSS 5.5, AI score 7, EPSS 0.00187

added 2024/02/21 6:41 a.m., 6270 views

CVE-2023-42951

CVE-2023-42951 pertains to Apple’s Safari in iOS 17.1 and iPadOS 17.1. The issue stems from improved handling of caches, and can cause a user to be unable to delete browsing history items. Multiple sources (Apple security notes, NVD entry, Red Hat advisory) confirm the vulnerability is addressed ...

CVSS 4.3, AI score 7.1, EPSS 0.00336

added 2024/02/21 6:41 a.m., 6252 views

CVE-2023-42843

CVE-2023-42843 is described as an inconsistent UI issue leading to address bar spoofing. Connected advisories confirm affected WebKitGTK/WebKitGTK4 components across Debian (webkit2gtk), AlmaLinux (webkitgtk4), Fedora (webkit2gtk4.0), and Amazon Linux 2 (webkitgtk4) with fixes in package update...

CVSS 7.5, AI score 5.2, EPSS 0.0086

added 2024/02/21 6:41 a.m., 6225 views

CVE-2023-42953

CVE-2023-42953 is an Apple ecosystem vulnerability describing a permissions issue that could allow an app to access sensitive user data. The connected sources specify remediation in updated versions across multiple Apple platforms: tvOS 17.1, watchOS 10.1, iOS 17.1, iPadOS 17.1, and macOS Sonoma ...

CVSS 5.5, AI score 7.2, EPSS 0.00168

added 2024/02/21 6:41 a.m., 6217 views

CVE-2023-42946

CVE-2023-42946: Apple platform information-disclosure issue where an app may leak sensitive user data. Affected products include tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1. Root cause described as improved redaction of sensitive information; public details consistently ...

CVSS 7.5, AI score 7.1, EPSS 0.00439

added 2024/02/21 6:41 a.m., 6186 views

CVE-2023-42834

CVE-2023-42834 affects Apple platforms (iOS 17.1, iPadOS 17.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, macOS Sonoma 14.1, watchOS 10.1). The issue is a privacy flaw caused by improved handling of files, which may allow an app to access sensitive user data. Fixed in the indicated OS versions:...

CVSS 6.2, AI score 7, EPSS 0.00213

added 2024/02/21 6:41 a.m., 6081 views

CVE-2023-42855

The CVE-2023-42855 entry concerns iOS 17.1 / iPadOS 17.1. The issue arises from a design/logic flaw that could allow an attacker with physical access to silently persist an Apple ID on a device that has been erased. Apple’s description indicates this was addressed by improved state management and...

CVSS 4.6, AI score 6.1, EPSS 0.00228

added 2024/02/21 6:41 a.m., 4541 views

CVE-2023-42873

CVE-2023-42873 affects Apple platforms and is resolved via updated bounds checks that prevent arbitrary code execution with kernel privileges. The fixed versions include macOS Sonoma 14.1; tvOS 17.1; macOS Monterey 12.7.1; macOS Ventura 13.6.1; iOS 16.7.2 and 17.1; and iPadOS 16.7.2 and 17.1. The...

CVSS 7.8, AI score 7.5, EPSS 0.00225

added 2024/02/21 6:41 a.m., 4500 views

CVE-2023-42942

CVE-2023-42942 concerns Apple platforms where a vulnerability arose from improper handling of symlinks. The issue could let a malicious app gain root privileges. Public advisories show fixes across multiple Apple OS versions: watchOS 10.1; macOS Sonoma 14.1; tvOS 17.1; iOS 16.7.2 and iPadOS 16.7....

CVSS 7.8, AI score 7, EPSS 0.00387

added 2024/02/21 6:42 a.m., 4480 views

CVE-2023-42848

CVE-2023-42848 affects Apple media/image processing components across multiple platforms. The issue causes heap corruption when processing a maliciously crafted image, addressed by updated bounds checks and fixes in: watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and 17.1, and iPadOS 16.7...

CVSS 7.8, AI score 6.9, EPSS 0.00209

added 2024/02/21 6:41 a.m., 3860 views

CVE-2023-42928

CVE-2023-42928 affects Apple iOS/iPadOS; root cause: impaired bounds checks; impact: an app may be able to gain elevated privileges; remediation: patch in iOS 17.1 and iPadOS 17.1.

CVSS 8.4, AI score 7.4, EPSS 0.00173

added 2022/09/23 6:58 p.m., 421 views

CVE-2022-22637

CVE-2022-22637 is a WebKit-related issue reported by Apple, described as a logic issue in state management that could cause unexpected cross-origin behavior. Affected components: WebKit used by Safari on macOS (Monterey 12.3, Safari 15.4) and iOS/tvOS/iPadOS platforms; root cause: logic/state man...

CVSS 8.8, AI score 7.4, EPSS 0.00615

added 2021/04/02 6:4 p.m., 339 views

CVE-2021-1799

The CVE-2021-1799 entry describes a port redirection issue in WebKitGTK/WebKit allowing a malicious website to access restricted ports on arbitrary servers. Connected advisories confirm this impacts WebKitGTK and WPE WebKit upstream, with fixes implemented in WebKitGTK prior to 2.30.6 (and in ven...

CVSS 6.5, AI score 6.6, EPSS 0.01771

added 2020/04/01 5:49 p.m., 320 views

CVE-2020-3899

CVE-2020-3899 affects WebKitGTK/WebKit2GTK (webkitgtk4) up to upstream 2.28.2. A memory consumption issue may allow a remote attacker to execute arbitrary code via crafted web content. Public advisories confirm upgrade requirements: Arch Linux ASA-202004-23 (webkit2gtk before 2.28.2-1), Debian DS...

CVSS 9.3, AI score 8.5, EPSS 0.0405

added 2021/04/02 6:5 p.m., 310 views

CVE-2021-1801

CVE-2021-1801 affects WebKitGTK (and WPE WebKit) up to pre-2.30.6. The issue allows a maliciously crafted web content to violate iframe sandboxing policy, effectively a sandbox/iframe policy relaxation risk. Public advisories (Arch Linux ASA-202103-24 and Debian security notices) describe this as...

CVSS 6.5, AI score 6.8, EPSS 0.01515

added 2020/04/01 5:49 p.m., 234 views

CVE-2020-3895

CVE-2020-3895 is a memory corruption vulnerability in WebKit components (WebKitGTK/WebKit2GTK) where processing malicious web content could lead to arbitrary code execution. Affected: WebKitGTK/WebKit2GTK in multiple distros and Apple platforms. Remediation: update to fixed versions (e.g., WebKit...

CVSS 9.3, AI score 9.1, EPSS 0.026

added 2020/04/01 5:49 p.m., 228 views

CVE-2020-3894

CVE-2020-3894 describes a race condition in WebKit that could allow an application to read restricted memory. The issue affects Apple WebKit-related components across multiple platforms (iOS, iPadOS, tvOS, Safari, and Windows via iTunes/iCloud) and is fixed in iOS 13.4, iPadOS 13.4, tvOS 13.4, Sa...

CVSS 3.1, AI score 5.2, EPSS 0.01116

added 2020/04/01 5:50 p.m., 224 views

CVE-2020-3901

CVE-2020-3901 is a WebKit type-confusion vulnerability addressed by Apple in iOS 13.4 / iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, and related Apple software. The initial description notes a memory-handling related type confusion that could allow arbitrary code execution when processing ma...

CVSS 8.8, AI score 8.9, EPSS 0.01861

added 2021/08/24 6:49 p.m., 219 views

CVE-2021-30888

CVE-2021-30888 is an information-leakage flaw in WebKitGTK and WebKit where a malicious website using Content Security Policy can leak information via redirect behavior. Remediation is provided by Apple in the iOS 15.1/iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1/iPadOS 14.8.1, tvOS 15.1, and w...

CVSS 7.4, AI score 6.8, EPSS 0.01743

added 2020/04/01 5:50 p.m., 216 views

CVE-2020-3900

CVE-2020-3900 is a memory corruption vulnerability in WebKitGTK/WebKitGTK+ (WebKit) that may allow arbitrary code execution when processing maliciously crafted web content. The connected advisories confirm affected components (WebKitGTK4/WebKit2GTK) and remediations: upgrading to WebKitGTK4 2.28....

CVSS 8.8, AI score 9.1, EPSS 0.01868

added 2020/04/01 5:49 p.m., 210 views

CVE-2020-3897

CVE-2020-3897 is a type confusion in WebKitGTK/WebKit (WebKitGTK4). The issue could allow a remote attacker to cause arbitrary code execution. Public fixes are in upstream WebKit/WebKitGTK4 2.28.2 (and related downstream advisories) and are reflected in vendor-specific updates (e.g., ALAS2-2020-1...

CVSS 9.3, AI score 8.8, EPSS 0.04406

added 2020/04/01 5:47 p.m., 208 views

CVE-2020-3885

CVE-2020-3885 describes a logic issue where a file URL may be incorrectly processed in WebKit-related components. The vulnerability is fixed in Apple platforms (iOS 13.4, iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes/Windows 12.10.5, iCloud for Windows 7.18) and in WebKitGTK/WebKit-based stacks. Pu...

CVSS 4.3, AI score 5.6, EPSS 0.01679

added 2020/04/01 5:51 p.m., 200 views

CVE-2020-3902

CVE-2020-3902 is a cross-site scripting (XSS) issue tied to improper input validation in WebKit components. Public mentions cover WebKitGTK+ (Debian/ALSA CentOS advisories) and Apple WebKit entries, all describing processing of malicious web content leading to XSS. The Debian advisory notes the f...

CVSS 6.1, AI score 6.5, EPSS 0.01134

added 2022/09/23 6:58 p.m., 199 views

CVE-2022-22624

CVE-2022-22624 is a WebKitGTK/WebKit2GTK use-after-free vulnerability that can lead to arbitrary code execution when processing malicious web content. The CVE is fixed in platforms referenced in the connected docs (e.g., macOS Safari upgrades; WebKitGTK/WebKit2GTK updates in Debian, AlmaLinux adv...

CVSS 8.8, AI score 8.5, EPSS 0.01023

added 2022/09/23 6:58 p.m., 198 views

CVE-2022-22628

CVE-2022-22628 is a WebKitGTK/WebKit2GTK use-after-free vulnerability that can lead to arbitrary code execution when processing malicious web content. Connected advisories confirm exploitation potential in WebKitGTK/WebKit2GTK across Linux distributions and related platforms. Mitigations document...

CVSS 8.8, AI score 8.5, EPSS 0.01023

added 2025/03/31 10:24 p.m., 158 views

CVE-2025-24203

CVE-2025-24203 is a local kernel memory bug (VM_BEHAVIOR_ZERO_WIRED_PAGES) that enables a user-process to zero wired kernel pages, creating a kernel read/write primitive. Public materials describe chaining this bug with additional flaws (e.g., sandbox escape, PID/file-signature bypass) to achieve...

CVSS 5, AI score 5.8, EPSS 0.00505

added 2024/03/08 1:35 a.m., 140 views

CVE-2024-23226

CVE-2024-23226 affects Apple OS stack and is about improper memory handling during processing of web content, leading to arbitrary code execution. Connected advisories corroborate the issue and note fixes in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4, iPadOS 17.4, watchOS 10.4, and tvOS 17.4. The ...

CVSS 8.8, AI score 7.4, EPSS 0.01198

added 2024/03/08 1:36 a.m., 139 views

CVE-2024-23280

The CVE-2024-23280 entry concerns an injection issue in WebKitGTK/WebKit2GTK where maliciously crafted web content could fingerprint a user. The core detail from connected sources shows the vulnerability affects WebKitGTK/WebKit2GTK components used in Linux/macOS ecosystems, with the underlying c...

CVSS 7.5, AI score 6.8, EPSS 0.01286

added 2021/04/02 6:4 p.m., 134 views

CVE-2021-1797

CVE-2021-1797 affects Apple APFS on macOS (Mojave/Catalina) and related OSes. The issue, caused by inadequate permissions logic, could allow a local user to read arbitrary files. Apple patched this in macOS Big Sur 11.2 and Security Updates 2021-001 Catalina/Mojave, plus watchOS 7.3, tvOS 14.4, i...

CVSS 5.5, AI score 5.7, EPSS 0.0029

added 2024/03/08 1:35 a.m., 129 views

CVE-2024-23273

CVE-2024-23273 affects Safari Private Browsing across Safari 17.4, iOS 17.4, iPadOS 17.4, and macOS Sonoma 14.4. The underlying issue, described as improved state management, could allow Private Browsing tabs to be accessed without authentication. The CVSS v3.1 base score is 4.3 (Medium), with im...

CVSS 4.3, AI score 4.3, EPSS 0.00732

added 2024/03/08 1:36 a.m., 128 views

CVE-2024-23254

CVE-2024-23254 concerns WebKit/WebKitGTK components where a malicious website could exfiltrate audio data cross-origin. The initial entry notes the issue is fixed in Apple platforms: tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4, iPadOS 17.4, watchOS 10.4, and Safari 17.4. Public disclosur...

CVSS 6.5, AI score 6.9, EPSS 0.01253

added 2022/09/23 6:58 p.m., 126 views

CVE-2022-22610

CVE-2022-22610 involves a memory corruption issue addressed with improved state management. The vulnerability is fixed in macOS Monterey 12.3 and corresponding Apple software updates: Safari 15.4, watchOS 8.5, iOS 15.4, iPadOS 15.4, and tvOS 15.4. Exploitation would occur by processing maliciousl...

CVSS 8.8, AI score 8.5, EPSS 0.00966

added 2021/04/02 6:20 p.m., 123 views

CVE-2021-1753

CVE-2021-1753 affects Apple OS components handling images. An out-of-bounds read was addressed with improved bounds checking, fixed in macOS Big Sur 11.2 and Security Update 2021-001 Catalina and Mojave, and in iOS/iPadOS 14.4. Exploitation requires processing a maliciously crafted image, potenti...

CVSS 7.8, AI score 7.6, EPSS 0.00922

added 2021/04/02 6:10 p.m., 122 views

CVE-2021-1818

CVE-2021-1818 is a logic‑level issue in Apple OS components that Apple fixed across macOS Big Sur 11.2, macOS Security Update 2021‑001 for Catalina and Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4, and iPadOS 14.4. Root cause: improved state management addressing a logic flaw. Impact: remote attacker...

CVSS 9.8, AI score 8.2, EPSS 0.02859

added 2021/04/02 6:19 p.m., 117 views

CVE-2021-1761

CVE-2021-1761 affects macOS and related Apple platforms; a remote attacker could cause a denial of service. The issue is fixed in macOS Big Sur 11.2 and Security Update 2021-001 Catalina, Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Apple’s advisories (HT212147/HT212149/HT212146) con...

CVSS 7.5, AI score 6.5, EPSS 0.02067

added 2021/08/24 6:50 p.m., 117 views

CVE-2021-30919

CVE-2021-30919: An out-of-bounds write in processing a maliciously crafted PDF may lead to arbitrary code execution. Affected components relate to Apple platforms including iOS/iPadOS, macOS, tvOS and watchOS. The issue was addressed by input validation improvements and is fixed in iOS 15.1/iPadO...

CVSS 7.8, AI score 7.5, EPSS 0.01574

added 2021/04/02 6:2 p.m., 116 views

CVE-2021-1793

CVE-2021-1793 affects Apple devices running macOS Big Sur 11.2, Catalina 10.15.x (Security Update 2021-001), Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. The issue involves processing a maliciously crafted image that may lead to arbitrary code execution; Apple’s updates fix the vulne...

CVSS 7.8, AI score 8, EPSS 0.00961

added 2020/10/27 7:43 p.m., 109 views

CVE-2019-8706

CVE-2019-8706 is a memory corruption issue in Apple’s audio stack (CoreAudio) that is triggered by processing a maliciously crafted audio file. Root cause: memory corruption in the audio processing path. Affected: macOS/macOS Catalina, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6; fixes implement...

CVSS 7.8, AI score 8.3, EPSS 0.01055

added 2021/08/24 6:50 p.m., 109 views

CVE-2021-30916

CVE-2021-30916 is a memory corruption vulnerability in Apple’s Kernel that could allow a malicious app to execute arbitrary code with kernel privileges. The initial description notes fixes in iOS 15.1/iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1/iPadOS 14.8.1, Security Update 2021-007 Catalina,...

CVSS 9.3, AI score 7.4, EPSS 0.01567

added 2021/08/24 6:50 p.m., 109 views

CVE-2021-30917

CVE-2021-30917 describes a memory corruption issue in the processing of ICC profiles in Apple software. The vulnerability is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, and macOS Big Sur 11.6.1....

CVSS 7.8, AI score 7.6, EPSS 0.01542

added 2021/08/24 6:50 p.m., 108 views

CVE-2021-30907

CVE-2021-30907 is observed in connected documents as an elevation-of-privileges issue affecting Apple watchOS, specifically the Audio component. The vulnerability can be exploited by a malicious application locally, requiring a single authentication step. Initial description notes an integer over...

CVSS 7.8, AI score 6.8, EPSS 0.00976

added 2021/08/24 6:50 p.m., 107 views

CVE-2021-30903

CVE-2021-30903 affects Apple iOS/iPadOS (and macOS Monterey 12.0.1). The issue is triggered locally and may cause unexpected termination or arbitrary code execution. Affected component is Continuity Camera on Apple devices. Remediation is via updates: iOS 14.8.1/iPadOS 14.8.1, iOS 15.1/iPadOS 15....

CVSS 7.8, AI score 7.3, EPSS 0.00349

added 2021/08/24 6:50 p.m., 107 views

CVE-2021-30909

CVE-2021-30909 describes a memory corruption issue in Apple’s kernel that could allow an attacker to execute arbitrary code with kernel privileges. The initial document indicates fixes in macOS Monterey 12.0.1 (and Security Update 2021-007 Catalina), iOS 15.1/iPadOS 15.1, iOS 14.8.1/iPadOS 14.8.1...

CVSS 9.3, AI score 7.4, EPSS 0.01375

added 2020/10/27 7:46 p.m., 104 views

CVE-2019-8751

Summary of CVE-2019-8751 (Apple WebKit/WebKit-Engine): This CVE corresponds to memory corruption vulnerabilities in WebKit that could be triggered by processing malicious web content, potentially allowing arbitrary code execution. Apple’s security content ties CVE-2019-8751 to Safari/WebKit comp...

CVSS 8.8, AI score 8.8, EPSS 0.0154

added 2021/08/24 6:50 p.m., 104 views

CVE-2021-30918

CVE-2021-30918 affects Apple iOS/iPadOS lock screen: a flaw in lock-screen state management could allow viewing restricted content. Apple fixed it in iOS 14.8.1/iPadOS 14.8.1 and iOS 15.0.1/iPadOS 15.0.1. The NVD notes a low-severity impact with local access and no authentication required for exp...

CVSS 2.4, AI score 4.1, EPSS 0.00328

added 2020/10/27 7:45 p.m., 103 views

CVE-2019-8752

CVE-2019-8752 is a memory corruption issue in WebKit that affects Safari and related Apple platforms (Safari/WebKit stack handling malicious web content). The root cause is memory corruption in WebKit components, with the published impact: arbitrary code execution if a user visits a maliciously c...

CVSS 8.8, AI score 8.8, EPSS 0.01358

Total number of security vulnerabilities: 89