Lucene search
K
AppleVisionos

434 matches found

CVE
CVE
added 2024/05/13 11:0 p.m.863 views

CVE-2024-27804

CVE-2024-27804 affects Apple platforms (iOS 17.5/iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5). The issue is described as improved memory handling that may allow an app to execute arbitrary code with kernel privileges. Affected component/behavior: memory handling in the kernel space. I...

8.1CVSS7.3AI score0.01325EPSS
CVE
CVE
added 2025/07/15 1:44 p.m.846 views

CVE-2025-6965

CVE-2025-6965 affects SQLite prior to 3.50.2, where the number of aggregate terms could exceed available columns, causing a memory corruption issue. The description in the Initial document notes upgrading to 3.50.2 or newer as the recommended fix. Connected documents corroborate the vulnerability...

7.7CVSS6.6AI score0.73495EPSS
CVE
CVE
added 2025/12/12 7:20 p.m.654 views

CVE-2025-14174

CVE-2025-14174 = Out-of-bounds memory access in ANGLE within Google Chrome on macOS prior to 143.0.7499.110. A remote attacker could trigger memory access errors via a crafted HTML page. Affected software: Google Chrome on macOS; vulnerable component: ANGLE. Impact: high enough to potentially ena...

8.8CVSS6.2AI score0.22359EPSS
In wild
CVE
CVE
added 2024/01/23 12:25 a.m.569 views

CVE-2024-23222

Summary (CVE-2024-23222) : A type confusion vulnerability in Apple WebKit leads to arbitrary code execution when processing malicious web content. The issue affects multiple Apple platforms and is fixed in versions listed by the sources: iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, and...

8.8CVSS7.5AI score0.10593EPSS
In wild
CVE
CVE
added 2025/03/11 6:7 p.m.558 views

CVE-2025-24201

CVE-2025-24201 is a WebKit/WebKitGTK issue described in connected advisories as an out-of-bounds write that allowed breaking out of the Web Content sandbox. Root cause: out-of-bounds write in WebKit. Impact: potential sandbox breakout affecting Apple WebKit-based products (Safari, iOS/iPadOS 18.x...

10CVSS7.2AI score0.0424EPSS
In wildWeb
CVE
CVE
added 2025/01/27 9:45 p.m.502 views

CVE-2025-24158

CVE-2025-24158 is a memory-handling issue in WebKitGTK/WebKit2GTK that may allow processing web content to cause a denial-of-service. Remediations are versioned updates: for WebKitGTK/WebKit2GTK we see fixes in Debian (webkit2gtk 2.46.6-1~deb12u1 / 2.46.6-1~deb11u1) and in AL2/AL8 advisories (web...

6.5CVSS6.9AI score0.01327EPSS
CVE
CVE
added 2025/01/27 9:45 p.m.459 views

CVE-2025-24159

Summary: CVE-2025-24159 is a kernel-level validation issue that may allow an app to execute arbitrary code with kernel privileges. Affected platforms (per provided docs): iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Impac...

7.8CVSS7.5AI score0.00326EPSS
CVE
CVE
added 2025/11/04 1:15 a.m.424 views

CVE-2025-43413

CVE-2025-43413 describes an access issue whereby a sandboxed app could observe system-wide network connections. Apple fixed this by applying additional sandbox restrictions in multiple platforms and versions: tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7....

7.5CVSS6.5AI score0.00567EPSS
CVE
CVE
added 2025/01/27 9:45 p.m.415 views

CVE-2025-24154

CVE-2025-24154 is an out-of-bounds write that Apple fixed by improving input validation. Affected OS versions include macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3, iPadOS 18.3, and macOS Sequoia 15.3. The issue could allow an attacker to cause an unexpected system termination...

9.1CVSS7.1AI score0.01134EPSS
CVE
CVE
added 2025/01/27 9:45 p.m.406 views

CVE-2025-24149

CVE-2025-24149 is an out-of-bounds read resolved by Apple through improved bounds checking. Affected products/versions include iPadOS 17.7.4, iOS 18.3; macOS Ventura 13.7.3, macOS Sonoma 14.7.3, macOS Sequoia 15.3; visionOS 2.3; watchOS 11.3; and tvOS 18.3. The issue could lead to disclosure of u...

5.5CVSS6.6AI score0.00327EPSS
CVE
CVE
added 2025/01/27 9:45 p.m.402 views

CVE-2025-24085

CVE-2025-24085 is a use-after-free in CoreMedia that could allow privilege escalation. It affects Apple platforms (visionOS, iOS, iPadOS, macOS, watchOS, tvOS) and is fixed in the following releases: visionOS 2.3; iOS 18.3; iPadOS 18.3; macOS Sequoia 15.3; watchOS 11.3; tvOS 18.3. The associated ...

10CVSS7.2AI score0.18668EPSS
In wild
CVE
CVE
added 2025/01/27 9:45 p.m.395 views

CVE-2025-24123

CVE-2025-24123 affects multiple Apple OSes where parsing a file could cause an unexpected app termination. According to the document, the issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS ...

6.5CVSS7.2AI score0.00683EPSS
CVE
CVE
added 2024/03/05 7:24 p.m.386 views

CVE-2024-23225

CVE-2024-23225 is a memory-corruption vulnerability in Apple’s kernel that could allow an attacker with local access and kernel read/write capabilities to bypass kernel memory protections. The issue is addressed by patches in iOS 16.7.6 / iPadOS 16.7.6 and iOS 17.4 / iPadOS 17.4. Apple’s advisory...

7.8CVSS7.3AI score0.01481EPSS
In wild
CVE
CVE
added 2024/11/19 11:43 p.m.374 views

CVE-2024-44308

CVE-2024-44308 affects WebKit-derived components (Apple WebKit in Safari and WebKitGTK/WebKit2GTK for Linux). The issue, caused by improper handling of maliciously crafted web content, can lead to arbitrary code execution. Public details in the Apple advisory cite a fix in Safari 18.1.1, iOS 18.1...

8.8CVSS7.4AI score0.09186EPSS
In wild
CVE
CVE
added 2025/04/16 6:24 p.m.362 views

CVE-2025-31200

CVE-2025-31200 affects Apple’s CoreAudio, specifically the AudioConverterService AAC decoder, where a memory corruption issue can lead to code execution when processing a malicious audio stream. Affected products include iOS, iPadOS, macOS, and related OSes prior to the patch, with fixes implemen...

9.8CVSS7.3AI score0.21922EPSS
In wild
CVE
CVE
added 2025/01/27 9:46 p.m.345 views

CVE-2024-54478

CVE-2024-54478 is an out-of-bounds access vulnerability in Apple’s ICU component that affects multiple Apple platforms. The issue arises when processing malicious web content, potentially causing an unexpected process crash. Affected products include iPadOS, iPadOS 18.2, iOS 18.2, visionOS, tvOS,...

6.5CVSS7.1AI score0.00579EPSS
CVE
CVE
added 2025/04/29 2:5 a.m.344 views

CVE-2025-24252

CVE-2025-24252 is a use-after-free vulnerability in Apple’s AirPlay ecosystem that has multiple PoCs and public PoCs outlining crash/RCe and sandbox-escape chains. Public materials describe a local-network attacker potentially exploiting mDNS/AirPlay services to trigger remote code execution or s...

8.8CVSS7.3AI score0.0127EPSS
CVE
CVE
added 2025/01/27 9:45 p.m.310 views

CVE-2025-24124

CVE-2025-24124 affects several Apple platforms. The vulnerability involves a parsing issue that may cause an unexpected app termination. Mitigation is available via updates: iPadOS 17.7.4, iOS 18.3, iPadOS 18.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, macOS Sequoia 15.3, visionOS 2.3, watchOS ...

5.5CVSS7.2AI score0.00313EPSS
CVE
CVE
added 2025/07/15 6:12 p.m.301 views

CVE-2025-6558

CVE-2025-6558 involves insufficient validation of untrusted input in ANGLE and GPU within Google Chrome, enabling a remote attacker to potentially escape the sandbox via a crafted HTML page. Connected sources specify Chrome components ANGLE and GPU as affected, with the patch previously shipped i...

8.8CVSS6.1AI score0.09185EPSS
In wild
CVE
CVE
added 2024/11/19 11:43 p.m.291 views

CVE-2024-44309

CVE-2024-44309 concerns a cookie management issue in Apple environments. The root cause is improper state management that can enable cross-site scripting when processing malicious web content. Affected products/versions include Safari 18.1.1, iOS 17.7.2, iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 1...

6.3CVSS6.6AI score0.22728EPSS
In wild
CVE
CVE
added 2024/03/05 7:24 p.m.285 views

CVE-2024-23296

CVE-2024-23296 is associated with RTKit in Apple platforms (notably macOS Monterey lineage in the Apple security content). The vulnerability is described as a memory corruption issue that could allow an attacker with kernel read/write capability to bypass kernel memory protections. Apple’s note i...

7.8CVSS7.3AI score0.01411EPSS
In wild
CVE
CVE
added 2025/06/16 9:36 p.m.279 views

CVE-2025-43200

Apple CVE-2025-43200 is a logic issue in processing a maliciously crafted photo or video shared via an iCloud Link that affects iOS, iPadOS, macOS, watchOS, and visionOS. The issue has been fixed in a broad set of updates (watchOS 11.3.1; macOS Ventura 13.7.4; iOS 15.8.4, 16.7.11, 17.7.5, 18.3.1;...

4.2CVSS6.5AI score0.01009EPSS
In wild
CVE
CVE
added 2025/03/20 11:53 p.m.275 views

CVE-2024-54551

CVE-2024-54551 is a denial-of-service vulnerability in web content processing within WebKit-based components. The connected documents indicate the issue is addressed by memory-handling improvements and fixes in specific Apple platforms: watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, vis...

7.5CVSS6.9AI score0.00593EPSS
CVE
CVE
added 2025/02/10 6:9 p.m.268 views

CVE-2024-54658

CVE-2024-54658 is a memory-handling issue in processing web content that can lead to a denial-of-service. The primary public description states the fix is in Apple software: iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, and macOS Sonoma 14.4. The vulnerability is m...

6.5CVSS6.9AI score0.00521EPSS
CVE
CVE
added 2025/04/16 6:24 p.m.258 views

CVE-2025-31201

CVE-2025-31201 is an Apple vulnerability that enables an attacker with arbitrary read/write capability to bypass Pointer Authentication. The issue is tied to the RPAC path and is fixed in iOS/iPadOS 18.4.1, tvOS 18.4.1, visionOS 2.4.1, and macOS Sequoia 15.4.1. Public records note high severity (...

9.8CVSS7.3AI score0.12763EPSS
In wild
CVE
CVE
added 2025/05/12 9:42 p.m.249 views

CVE-2025-31205

CVE-2025-31205 targets WebKitGTK/WebKit components across multiple platforms. Affected: WebKitGTK/WebKit-based browsers using the GTK toolkit; vulnerability allows a malicious website to exfiltrate data cross-origin. Root cause: cross-origin data leakage via processing/execution paths in web cont...

6.5CVSS6.8AI score0.00383EPSS
CVE
CVE
added 2025/01/27 9:46 p.m.232 views

CVE-2025-24126

CVE-2025-24126 describes an input validation issue in AirPlay across Apple platforms. The vulnerability allows a local-network actor to cause an unexpected termination or memory corruption. Patches are provided in visionOS 2.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18....

9.8CVSS7.1AI score0.0133EPSS
CVE
CVE
added 2024/12/11 10:58 p.m.210 views

CVE-2024-54534

CVE-2024-54534 is an Apple memory-corruption issue triggered by processing malicious web content. Public details in connected documents show the vulnerability affects multiple Apple platforms (watchOS, visionOS, tvOS, macOS, Safari, iOS, iPadOS) and is mitigated by memory-management fixes. Fixed ...

9.8CVSS7.1AI score0.01061EPSS
CVE
CVE
added 2025/03/31 10:24 p.m.204 views

CVE-2025-30427

CVE-2025-30427 is a use-after-free vulnerability in processing maliciously crafted web content that may lead to an unexpected Safari crash. Affected in multiple Apple platforms; fixes are implemented in visionOS 2.4, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, and Safari 18.4. Debian...

4.3CVSS6.8AI score0.00763EPSS
CVE
CVE
added 2025/12/17 8:46 p.m.204 views

CVE-2025-43529

CVE-2025-43529 is a WebKitGTK use-after-free vulnerability. The connected advisories show WebKitGTK/WebKit issues (CVE-2025-43529) causing memory corruption or DoS via processing crafted web content, with the AL2 advisories listing affected package webkitgtk4 and a fix in webkitgtk4-2.50.4-1.amzn...

8.8CVSS7.4AI score0.08439EPSS
In wild
CVE
CVE
added 2024/03/08 1:36 a.m.200 views

CVE-2024-23286

CVE-2024-23286 concerns a buffer overflow fix tied to memory handling in Apple platforms. Affected components/versions (as stated): macOS Monterey 12.7.4; macOS Ventura 13.6.5; macOS Sonoma 14.4; visionOS 1.1; iOS 17.4 and iPadOS 17.4; watchOS 10.4; iOS 16.7.6 and iPadOS 16.7.6; tvOS 17.4. Underl...

9.8CVSS7AI score0.01247EPSS
CVE
CVE
added 2025/05/12 9:43 p.m.200 views

CVE-2025-31257

CVE-2025-31257 affects WebKit/WebKitGTK components used by Safari across Apple platforms. The issue is described as a memory handling problem that may cause a crash when processing maliciously crafted web content. Concrete fixes exist in watchOS 11.5, tvOS 18.5, iOS 18.5, iPadOS 18.5, macOS Sequo...

4.7CVSS6.8AI score0.01028EPSS
CVE
CVE
added 2025/03/10 7:11 p.m.185 views

CVE-2024-44192

CVE-2024-44192 affects WebKitGTK/WebKitGTK4 (webkitgtk and webkitgtk4). The issue is described as processing maliciously crafted web content may lead to an unexpected process crash. Public reports in connected docs confirm Debian LTS (DLA-4218-1) fix WebKitGTK 2.48.3-1~deb11u1, and Amazon Linux/A...

6.5CVSS6.8AI score0.00409EPSS
CVE
CVE
added 2025/01/27 9:45 p.m.180 views

CVE-2025-24162

CVE-2025-24162 is linked to WebKitGTK/WebKit-derived components in multiple platforms. Connected sources indicate the root cause is improved state management, addressing processing maliciously crafted web content that previously could cause an unexpected process crash. Affected products include v...

6.5CVSS6.9AI score0.00949EPSS
CVE
CVE
added 2025/03/31 10:22 p.m.170 views

CVE-2025-24216

CVE-2025-24216 is an Apple WebKit vulnerability: processing malicious web content may cause an unexpected Safari crash. Public records indicate fixes in visionOS 2.4, tvOS 18.4, iPadOS 18.4, iOS 18.4, macOS Sequoia 15.4, and Safari 18.4. The connected documents confirm this CVE within the WebKit/...

4.3CVSS6.8AI score0.00747EPSS
CVE
CVE
added 2025/03/31 10:23 p.m.170 views

CVE-2025-24264

CVE-2025-24264 affects WebKitGTK/WebKitGTK4: processing malicious web content may cause an unexpected crash in Safari; fixed in Apple platforms (visionOS 2.4, Safari 18.4, etc.) and in WebKitGTK packages across distros (Debian: webkit2gtk 2.48.x; Fedora/Amazon Linux advisories) by upgrading to pa...

9.8CVSS7.2AI score0.00858EPSS
CVE
CVE
added 2025/01/27 9:45 p.m.156 views

CVE-2025-24163

CVE-2025-24163 affects Apple platforms and has been fixed in multiple OS updates (iOS/iPadOS 18.3, macOS Sonoma 14.7.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, iPadOS 17.7.4, visionOS 2.3). The issue is described as: Parsing a file may lead to an unexpected app termination in CoreAudio. Conn...

5.5CVSS7.3AI score0.00435EPSS
CVE
CVE
added 2024/03/08 1:35 a.m.151 views

CVE-2024-23284

CVE-2024-23284 concerns a logic issue in WebKitGTK/WebKit rendering where processing maliciously crafted web content may prevent Content Security Policy (CSP) from being enforced. The connected sources show the same vulnerability across multiple distributions (e.g., Debian webkit2gtk advisories a...

6.5CVSS6.9AI score0.01486EPSS
CVE
CVE
added 2024/03/08 1:36 a.m.146 views

CVE-2024-23263

CVE-2024-23263 is a WebKitGTK/WebKitGTK4 vulnerability observed in multiple Linux package advisories (webkit2gtk, webkitgtk4) and Debian Fedora Amazon Linux updates. The issue arises from processing maliciously crafted web content that may prevent Content Security Policy from being enforced. Conn...

8.1CVSS6.9AI score0.01496EPSS
CVE
CVE
added 2024/09/16 11:23 p.m.146 views

CVE-2024-44187

Summary of CVE-2024-44187 (Cross-origin iframe data exfiltration) A cross-origin issue existed involving iframe elements in WebKitGTK/WebKit2GTK, allowing a malicious site to exfiltrate data across origins. The root cause is stated as inadequate tracking of security origins for iframes. Affected ...

6.5CVSS6.9AI score0.00638EPSS
CVE
CVE
added 2025/01/27 9:46 p.m.146 views

CVE-2024-54543

CVE-2024-54543 is a memory corruption flaw in WebKit when processing maliciously crafted web content. Apple’s advisories enumerate fixed products/versions: visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2, iPadOS 18.2, macOS Sequoia 15.2. Connected sources (e.g., WebKit GTK deployment...

8.8CVSS7.1AI score0.00784EPSS
CVE
CVE
added 2025/01/15 7:35 p.m.143 views

CVE-2024-27856

CVE-2024-27856 affects the WebKitGTK/ WebKit component used by Apple platforms in the provided set (macOS, iOS, iPadOS, watchOS, tvOS, visionOS). The description across connected advisories states the issue can cause an unexpected app termination or arbitrary code execution when processing a file...

7.8CVSS7.3AI score0.00626EPSS
CVE
CVE
added 2024/03/08 1:35 a.m.142 views

CVE-2024-23226

CVE-2024-23226 affects Apple OS stack and is about improper memory handling during processing of web content, leading to arbitrary code execution. Connected advisories corroborate the issue and note fixes in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4, iPadOS 17.4, watchOS 10.4, and tvOS 17.4. The ...

8.8CVSS7.4AI score0.01198EPSS
CVE
CVE
added 2024/12/11 10:57 p.m.141 views

CVE-2024-54479

CVE-2024-54479 is documented in Debian security advisories as affecting WebKitGTK/webkit2gtk, where processing maliciously crafted web content may lead to an unexpected process crash. Debian reports this under webkit2gtk in both Debian 11 (bookworm) and LTS context, fixed in webkit2gtk version 2....

7.5CVSS7.1AI score0.01595EPSS
CVE
CVE
added 2024/12/11 10:58 p.m.141 views

CVE-2024-54505

CVE-2024-54505 is a memory corruption vulnerability in WebKitGTK (WebKit2GTK) caused by a type confusion when processing malicious web content. Public advisories confirm fixes in WebKitGTK/WebKit packages: Debian 11 bullseye 2.46.5-1~deb11u1 and Debian 12 bookworm 2.46.5-1~deb12u1; AlmaLinux 8/9 ...

8.8CVSS7.1AI score0.01077EPSS
CVE
CVE
added 2025/05/19 4:0 p.m.134 views

CVE-2025-24189

CVE-2025-24189 is a memory corruption vulnerability in processing malicious web content that is fixed in Safari 18.3, visionOS 2.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 and tvOS 18.3. Affected WebKit components are the WebKitGTK/WebKitGTK4 family in Linux distributions (per SUS...

8.8CVSS7.1AI score0.00586EPSS
CVE
CVE
added 2025/01/27 9:46 p.m.133 views

CVE-2025-24143

CVE-2025-24143 is a fingerprinting vulnerability involving WebKit-derived components. The core issue appears to be insufficient access restrictions to the local file system, allowing a malicious webpage to fingerprint the user. Apple patched this in macOS Sequoia 15.3, Safari 18.3, iOS 18.3, iPad...

6.5CVSS6.8AI score0.00798EPSS
CVE
CVE
added 2024/03/08 1:36 a.m.132 views

CVE-2024-23254

CVE-2024-23254 concerns WebKit/WebKitGTK components where a malicious website could exfiltrate audio data cross-origin. The initial entry notes the issue is fixed in Apple platforms: tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4, iPadOS 17.4, watchOS 10.4, and Safari 17.4. Public disclosur...

6.5CVSS6.9AI score0.01253EPSS
CVE
CVE
added 2024/12/11 10:58 p.m.132 views

CVE-2024-54502

CVE-2024-54502 is a WebKitGTK/WebKit-based issue where processing maliciously crafted web content could cause an unexpected process crash. Publicly provided connected documents confirm this CVE is discussed across multiple advisories and platforms, with fixes released in various vendor updates. A...

6.5CVSS6.9AI score0.14492EPSS
CVE
CVE
added 2024/12/11 10:58 p.m.130 views

CVE-2024-54508

CVE-2024-54508 affects WebKitGTK (webkit2gtk). The issue arises from processing maliciously crafted web content and can lead to an unexpected process crash; memory-related impact is also indicated in related entries. Public advisories confirm fixes in WebKitGTK/WebKit2GTK packages across distribu...

7.5CVSS6.9AI score0.00973EPSS
Total number of security vulnerabilities434