| CVE-2024-40864: An attacker in a privileged network position can track a user’s activity. Affects Apple Account | | | | | | | | x | x | | |
| CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit | | | | x | | | | | | | |
| CVE-2024-54508: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit | | | | x | | | | | | | |
| CVE-2024-54533: An app may be able to access sensitive user data. Affects Spotlight | | | | | | | | x | x | | |
| CVE-2024-54534: Processing maliciously crafted web content may lead to memory corruption. Affects WebKit | | | | x | | | | | | | |
| CVE-2025-24093: An app may be able to access removable volumes without user consent. Affects Sandbox | | | | | | | x | | | | |
| CVE-2025-24095: An app may be able to bypass Privacy preferences. Affects RepairKit | | | x | | | | | | | | x |
| CVE-2025-24097: An app may be able to read arbitrary file metadata. Affects AirDrop | | | x | | | | x | x | | x | |
| CVE-2025-24113: Visiting a malicious website may lead to user interface spoofing. Affects Safari | x | | x | x | | | x | | | | x |
| CVE-2025-24139: Parsing a maliciously crafted file may lead to an unexpected app termination. Affects sips | | | | | | | | | x | | |
| CVE-2025-24148: A malicious JAR file may bypass Gatekeeper checks. Affects LaunchServices | | | | | | | x | x | x | | |
| CVE-2025-24157: An app may be able to cause unexpected system termination or corrupt kernel memory. Affects Xsan | | | | | | | x | x | x | | |
| CVE-2025-24163: Parsing a file may lead to an unexpected app termination. Affects CoreAudio | | | x | | | | x | | | x | x |
| CVE-2025-24164: An app may be able to modify protected parts of the file system. Affects PackageKit | | | | | | | x | x | x | | |
| CVE-2025-24167: A download’s origin may be incorrectly associated. Affects Safari | x | | x | | | | x | | | | |
| CVE-2025-24170: An app may be able to gain root privileges. Affects CoreServices | | | | | | | | x | x | | |
| CVE-2025-24172: “Block All Remote Content” may not apply for all mail previews. Affects Mail | | | | | | | x | x | x | | |
| CVE-2025-24173: An app may be able to break out of its sandbox. Affects Power Services | | | x | x | | | x | x | x | x | x |
| CVE-2025-24178: An app may be able to break out of its sandbox. Affects libxpc | | | x | x | | | x | x | x | x | |
| CVE-2025-24180: A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix. Affects Authentication Services | x | | x | | | | x | | | | x |
| CVE-2025-24181: An app may be able to access protected user data. Affects Sandbox | | | | | | | x | x | x | | |
| CVE-2025-24182: Processing a maliciously crafted font may result in the disclosure of process memory. Affects CoreText | | | x | | | | x | | | x | x |
| CVE-2025-24190: Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory. Affects CoreMedia | | | x | x | | | x | x | x | x | x |
| CVE-2025-24191: An app may be able to modify protected parts of the file system. Affects RPAC | | | | | | | x | | | | |
| CVE-2025-24192: Visiting a website may leak sensitive data. Affects Web Extensions | x | | x | | | | x | | | | x |
| CVE-2025-24193: An attacker with a USB-C connection to an unlocked device may be able to programmatically access photos. Affects MobileLockdown | | | x | | | | | | | | |
| CVE-2025-24194: Processing maliciously crafted web content may result in the disclosure of process memory. Affects libnetcore | | | x | | | | x | | | x | x |
| CVE-2025-24195: A user may be able to elevate privileges. Affects Libinfo | | | | | | | x | x | x | | |
| CVE-2025-24196: An attacker with user privileges may be able to read kernel memory. Affects Kernel | | | | | | | x | x | | | |
| CVE-2025-24198: An attacker with physical access may be able to use Siri to access sensitive user data. Affects Siri | | | x | x | | | x | x | x | | |
| CVE-2025-24199: An app may be able to cause a denial-of-service. Affects Foundation | | | | | | | x | x | x | | |
| CVE-2025-24200: A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. Affects Accessibility | | | | | x | x | | | | | |
| CVE-2025-24201: Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.) Affects WebKit | | | | | x | x | | | | | |
| CVE-2025-24202: An app may be able to access sensitive user data. Affects Accessibility | | | x | | | | x | | | | |
| CVE-2025-24203: An app may be able to modify protected parts of the file system. Affects Kernel | | | | x | | | x | x | x | | |
| CVE-2025-24204: An app may be able to access protected user data. Affects Kernel | | | | | | | x | | | | |
| CVE-2025-24205: An app may be able to access user-sensitive data. Affects Siri | | | x | x | | | x | x | x | | |
| CVE-2025-24207: An app may be able to enable iCloud storage features without user consent. Affects Storage Management | | | | | | | x | x | x | | |
| CVE-2025-24208: Loading a malicious iframe may lead to a cross-site scripting attack. Affects WebKit | x | | x | | | | | | | | |
| CVE-2025-24209: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit | x | | x | x | | | x | | | x | |
| CVE-2025-24210: Parsing an image may lead to disclosure of user information. Affects ImageIO | | | x | x | | | x | x | x | x | x |
| CVE-2025-24211: Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory. Affects CoreMedia | | | x | x | | | x | x | x | x | x |
| CVE-2025-24212: An app may be able to break out of its sandbox. Affects Calendar | | | x | x | | | x | x | x | x | x |
| CVE-2025-24213: A type confusion issue could lead to memory corruption. Affects WebKit | x | | x | x | | | x | | | x | |
| CVE-2025-24214: An app may be able to access sensitive user data. Affects Siri | | | x | | | | x | | | x | x |
| CVE-2025-24215: A malicious app may be able to access private information. Affects CloudKit | | | | x | | | x | x | x | | |
| CVE-2025-24216: Processing maliciously crafted web content may lead to an unexpected Safari crash. Affects WebKit | x | | x | | | | x | | | x | x |
| CVE-2025-24217: An app may be able to access sensitive user data. Affects Siri | | | x | | | | x | | | x | |
| CVE-2025-24218: An app may be able to access information about a user’s contacts. Affects Summarization Services | | | | | | | x | | | | |
| CVE-2025-24221: Sensitive keychain data may be accessible from an iOS backup. Affects Accounts | | | x | x | | | | | | | x |
| CVE-2025-24226: A malicious app may be able to access private information. Affects IDE Assets | | x | | | | | | | | | |
| CVE-2025-24228: An app may be able to execute arbitrary code with kernel privileges. Affects SMB | | | | | | | x | x | x | | |
| CVE-2025-24229: A sandboxed app may be able to access sensitive user data. Affects Installer | | | | | | | x | x | x | | |
| CVE-2025-24230: Playing a malicious audio file may lead to an unexpected app termination. Affects CoreAudio | | | x | x | | | x | x | x | x | x |
| CVE-2025-24231: An app may be able to modify protected parts of the file system. Affects Software Update | | | | | | | x | x | x | | |
| CVE-2025-24232: A malicious app may be able to access arbitrary files. Affects NSDocument | | | | | | | x | x | x | | |
| CVE-2025-24233: A malicious app may be able to read or write to protected files. Affects AppleMobileFileIntegrity | | | | | | | x | x | x | | |
| CVE-2025-24234: A malicious app may be able to gain root privileges. Affects AccountPolicy | | | | | | | x | x | x | | |
| CVE-2025-24235: A remote attacker may be able to cause unexpected app termination or heap corruption. Affects Kerberos Helper | | | | | | | x | x | x | | |
| CVE-2025-24236: An app may be able to access sensitive user data. Affects CoreMedia | | | | | | | x | x | | | |
| CVE-2025-24237: An app may be able to cause unexpected system termination. Affects BiometricKit | | | x | x | | | x | x | x | | x |
| CVE-2025-24238: An app may be able to gain elevated privileges. Affects libxpc | | | x | | | | x | x | x | x | |
| CVE-2025-24239: An app may be able to access protected user data. Affects AppleMobileFileIntegrity | | | | | | | x | | | | |
| CVE-2025-24240: An app may be able to access user-sensitive data. Affects StorageKit | | | | | | | x | x | x | | |
| CVE-2025-24241: An app may be able to trick a user into copying sensitive data to the pasteboard. Affects WindowServer | | | | | | | x | x | x | | |
| CVE-2025-24242: An app with root privileges may be able to access private information. Affects System Settings | | | | | | | x | | | | |
| CVE-2025-24243: Processing a maliciously crafted file may lead to arbitrary code execution. Affects Audio | | | x | x | | | x | x | x | x | x |
| CVE-2025-24244: Processing a maliciously crafted font may result in the disclosure of process memory. Affects Audio | | | x | x | | | x | x | x | x | |
| CVE-2025-24245: A malicious app may be able to access a user’s saved passwords. Affects Authentication Services | | | | | | | x | | | | |
| CVE-2025-24246: An app may be able to access user-sensitive data. Affects OpenSSH | | | | | | | x | x | x | | |
| CVE-2025-24247: An attacker may be able to cause unexpected app termination. Affects WindowServer | | | | | | | x | x | x | | |
| CVE-2025-24248: An app may be able to enumerate devices that have signed into the user’s Apple Account. Affects Siri | | | | | | | x | | | | |
| CVE-2025-24249: An app may be able to check the existence of an arbitrary path on the file system. Affects Installer | | | | | | | x | x | x | | |
| CVE-2025-24250: A malicious app acting as an HTTPS proxy could get access to sensitive user data. Affects Security | | | | | | | x | x | x | | |
| CVE-2025-24253: An app may be able to access protected user data. Affects StorageKit | | | | | | | x | x | x | | |
| CVE-2025-24254: A user may be able to elevate privileges. Affects Software Update | | | | | | | x | x | x | | |
| CVE-2025-24255: An app may be able to break out of its sandbox. Affects Disk Images | | | | | | | x | x | x | | |
| CVE-2025-24256: An app may be able to disclose kernel memory. Affects GPU Drivers | | | | | | | x | x | x | | |
| CVE-2025-24257: An app may be able to cause unexpected system termination or write kernel memory. Affects IOGPUFamily | | | x | | | | x | | | | x |
| CVE-2025-24259: An app may be able to retrieve Safari bookmarks without an entitlement check. Affects Parental Controls | | | | | | | x | x | x | | |
| CVE-2025-24260: An attacker in a privileged position may be able to perform a denial-of-service. Affects smbx | | | | | | | x | x | x | | |
| CVE-2025-24261: An app may be able to modify protected parts of the file system. Affects PackageKit | | | | | | | x | x | x | | |
| CVE-2025-24262: A sandboxed app may be able to access sensitive user data in system logs. Affects Notes | | | | | | | x | | | | |
| CVE-2025-24263: An app may be able to observe unprotected user data. Affects StickerKit | | | | | | | x | | | | |
| CVE-2025-24264: Processing maliciously crafted web content may lead to an unexpected Safari crash. Affects WebKit | | | | x | | | | | | | |
| CVE-2025-24265: An app may be able to cause unexpected system termination. Affects Xsan | | | | | | | x | x | x | | |
| CVE-2025-24266: An app may be able to cause unexpected system termination. Affects Xsan | | | | | | | x | x | x | | |
| CVE-2025-24267: An app may be able to gain root privileges. Affects DiskArbitration | | | | | | | x | x | x | | |
| CVE-2025-24269: An app may be able to cause unexpected system termination. Affects SMB | | | | | | | x | | | | |
| CVE-2025-24272: An app may be able to modify protected parts of the file system. Affects AppleMobileFileIntegrity | | | | | | | x | | | | |
| CVE-2025-24273: An app may be able to cause unexpected system termination or corrupt kernel memory. Affects GPU Drivers | | | | | | | x | | | | |
| CVE-2025-24276: A malicious app may be able to access private information. Affects App Store | | | | | | | x | x | x | | |
| CVE-2025-24277: An app may be able to gain root privileges. Affects Crash Reporter | | | | | | | x | x | x | | |
| CVE-2025-24278: An app may be able to access protected user data. Affects System Settings | | | | | | | x | x | x | | |
| CVE-2025-24279: An app may be able to access contacts. Affects Voice Control | | | | | | | x | x | x | | |
| CVE-2025-24280: An app may be able to access user-sensitive data. Affects Shortcuts | | | | | | | x | x | | | |
| CVE-2025-24281: An app may be able to access sensitive user data. Affects FeedbackLogger | | | | | | | x | | | | |
| CVE-2025-24282: An app may be able to modify protected parts of the file system. Affects Software Update | | | | | | | x | | | | |
| CVE-2025-24283: An app may be able to access sensitive user data. Affects Focus | | | x | | | | x | | | | x |
| CVE-2025-30424: Deleting a conversation in Messages may expose user contact information in system logging. Affects Photos Storage | | | | | | | x | x | x | | |
| CVE-2025-30425: A malicious website may be able to track users in Safari private browsing mode. Affects WebKit | x | | x | x | | | x | | | x | |
| CVE-2025-30426: An app may be able to enumerate a user’s installed apps. Affects NetworkExtension | | | x | x | | | x | | | x | x |
| CVE-2025-30427: Processing maliciously crafted web content may lead to an unexpected Safari crash. Affects WebKit | x | | x | x | | | x | | | x | x |
| CVE-2025-30428: Photos in the Hidden Photos Album may be viewed without authentication. Affects Photos | | | x | x | | | | | | | |
| CVE-2025-30429: An app may be able to break out of its sandbox. Affects Calendar | | | x | x | | | x | x | x | x | x |
| CVE-2025-30430: Password autofill may fill in passwords after failing authentication. Affects Authentication Services | | | x | | | | x | | | | x |
| CVE-2025-30432: A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures. Affects Kernel | | | x | x | | | | x | x | x | x |
| CVE-2025-30433: A shortcut may be able to access files that are normally inaccessible to the Shortcuts app. Affects Shortcuts | | | x | x | | | x | x | x | | x |
| CVE-2025-30434: Processing a maliciously crafted file may lead to a cross-site scripting attack. Affects Journal | | | x | | | | | | | | |
| CVE-2025-30435: A sandboxed app may be able to access sensitive user data in system logs. Affects Siri | | | | | | | x | | | | |
| CVE-2025-30437: An app may be able to corrupt coprocessor memory. Affects IOMobileFrameBuffer | | | | | | | x | | | | |
| CVE-2025-30438: A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started. Affects Share Sheet | | | x | | | | x | x | x | x | x |
| CVE-2025-30439: An attacker with physical access to a locked device may be able to view sensitive user information. Affects Focus | | | x | | | | x | | | | x |
| CVE-2025-30441: An app may be able to overwrite arbitrary files. Affects Instruments | | x | | | | | | | | | |
| CVE-2025-30443: An app may be able to access user-sensitive data. Affects AppleMobileFileIntegrity | | | | | | | x | x | x | | |
| CVE-2025-30444: Mounting a maliciously crafted SMB network share may lead to system termination. Affects SMB | | | | | | | x | x | x | | |
| CVE-2025-30446: A malicious app with root privileges may be able to modify the contents of system files. Affects PackageKit | | | | | | | x | x | x | | |
| CVE-2025-30447: An app may be able to access sensitive user data. Affects Foundation | | | x | x | | | x | x | x | x | x |
| CVE-2025-30449: An app may be able to gain root privileges. Affects StorageKit | | | | | | | x | x | x | | |
| CVE-2025-30450: An app may be able to access sensitive user data. Affects manpages | | | | | | | x | x | x | | |
| CVE-2025-30451: An app may be able to access sensitive user data. Affects FaceTime | | | | | | | x | | | | |
| CVE-2025-30452: An input validation issue was addressed. Affects Sandbox | | | | | | | x | x | x | | |
| CVE-2025-30454: A malicious app may be able to access private information. Affects CoreMedia Playback | | | x | | | | x | x | | x | |
| CVE-2025-30455: A malicious app may be able to access private information. Affects Dock | | | | | | | x | x | | | |
| CVE-2025-30456: An app may be able to gain root privileges. Affects DiskArbitration | | | x | | | | x | x | x | | |
| CVE-2025-30457: A malicious app may be able to create symlinks to protected regions of the disk. Affects SystemMigration | | | | | | | x | x | x | | |
| CVE-2025-30458: An app may be able to read files outside of its sandbox. Affects SceneKit | | | | | | | x | | | | |
| CVE-2025-30460: An app may be able to access protected user data. Affects Automator | | | | | | | x | x | x | | |
| CVE-2025-30461: An app may be able to access protected user data. Affects Foundation | | | | | | | x | | | | |
| CVE-2025-30462: Apps that appear to use App Sandbox may be able to launch without restrictions. Affects dyld | | | | | | | x | x | x | | |
| CVE-2025-30463: An app may be able to access sensitive user data. Affects Handoff | | | x | | | | x | | | | |
| CVE-2025-30464: An app may be able to cause unexpected system termination or corrupt kernel memory. Affects GPU Drivers | | | | | | | | x | x | | |
| CVE-2025-30465: A shortcut may be able to access files that are normally inaccessible to the Shortcuts app. Affects Shortcuts | | | | x | | | x | x | x | | |
| CVE-2025-30467: Visiting a malicious website may lead to address bar spoofing. Affects Safari | x | | x | | | | x | | | | |
| CVE-2025-30469: A person with physical access to an iOS device may be able to access photos from the lock screen. Affects Photos | | | x | | | | | | | | |
| CVE-2025-30470: An app may be able to read sensitive location information. Affects Maps | | | x | | | | x | x | x | | x |
| CVE-2025-30471: A remote user may be able to cause a denial-of-service. Affects Security | | | x | x | | | x | x | x | x | x |
| CVE-2025-31182: An app may be able to delete files for which it does not have permission. Affects libxpc | | | x | | | | x | x | x | x | x |
| CVE-2025-31183: An app may be able to access sensitive user data. Affects Siri | | | x | | | | x | x | | x | |
| CVE-2025-31184: An app may gain unauthorized access to Local Network. Affects Web Extensions | x | | x | | | | x | | | | x |
| CVE-2025-31187: An app may be able to modify protected parts of the file system. Affects Dock | | | | | | | x | x | x | | |
| CVE-2025-31188: An app may be able to bypass Privacy preferences. Affects StorageKit | | | | | | | x | x | x | | |
| CVE-2025-31191: An app may be able to access sensitive user data. Affects CoreServices | | | x | | | | x | x | x | x | |
| CVE-2025-31192: A website may be able to access sensor information without user consent. Affects Safari | x | | x | | | | x | | | | |
| CVE-2025-31194: A Shortcut may run with admin privileges without authentication. Affects Shortcuts | | | | | | | x | x | x | | |