Total
4260 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27426 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2026-04-13 | N/A | 5.4 MEDIUM |
| Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136. | |||||
| CVE-2025-27425 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2026-04-13 | N/A | 4.3 MEDIUM |
| Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136. | |||||
| CVE-2025-27424 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2026-04-13 | N/A | 4.3 MEDIUM |
| Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability was fixed in Firefox for iOS 136. | |||||
| CVE-2026-30867 | 2 Apple, Emqx | 3 Iphone Os, Macos, Cocoamqtt | 2026-04-07 | N/A | 5.7 MEDIUM |
| CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker (or a compromised/malicious MQTT broker) to remotely crash the host iOS/macOS/tvOS application. If an attacker publishes the 4-byte malformed payload to a shared topic with the RETAIN flag set to true, the MQTT broker will persist the payload. Any time a vulnerable client connects and subscribes to that topic, the broker will automatically push the malformed packet. The app will instantly crash in the background before the user can even interact with it. This effectively "bricks" the mobile application (a persistent DoS) until the retained message is manually wiped from the broker database. This issue has been patched in version 2.2.2. | |||||
| CVE-2025-43210 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-04-03 | N/A | 6.3 MEDIUM |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | |||||
| CVE-2025-43202 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-04-03 | N/A | 8.8 HIGH |
| This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption. | |||||
| CVE-2025-31200 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-04-03 | N/A | 9.8 CRITICAL |
| A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1. | |||||
| CVE-2025-31201 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-03 | N/A | 9.8 CRITICAL |
| This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. | |||||
| CVE-2025-31277 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2026-04-03 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption. | |||||
| CVE-2025-43200 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-03 | N/A | 4.2 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, visionOS 2.3.1, watchOS 11.3.1. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. | |||||
| CVE-2025-43300 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-04-03 | N/A | 10.0 CRITICAL |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. | |||||
| CVE-2025-43510 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-04-03 | N/A | 7.8 HIGH |
| A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may cause unexpected changes in memory shared between processes. | |||||
| CVE-2025-43520 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-04-03 | N/A | 5.5 MEDIUM |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory. | |||||
| CVE-2025-43529 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2026-04-03 | N/A | 8.8 HIGH |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report. | |||||
| CVE-2025-24201 | 2 Apple, Debian | 7 Ipados, Iphone Os, Macos and 4 more | 2026-04-03 | N/A | 10.0 CRITICAL |
| An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.). | |||||
| CVE-2025-24200 | 1 Apple | 2 Ipados, Iphone Os | 2026-04-03 | N/A | 6.1 MEDIUM |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. | |||||
| CVE-2025-24085 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-04-03 | N/A | 10.0 CRITICAL |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2. | |||||
| CVE-2024-44309 | 2 Apple, Debian | 6 Ipados, Iphone Os, Macos and 3 more | 2026-04-03 | N/A | 6.3 MEDIUM |
| A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. | |||||
| CVE-2024-44308 | 2 Apple, Debian | 6 Ipados, Iphone Os, Macos and 3 more | 2026-04-03 | N/A | 8.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. | |||||
| CVE-2024-23296 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-04-03 | N/A | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. | |||||