Filtered by vendor Apple
Subscriptions
Filtered by product Ios
Subscriptions
Total
157 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43213 | 1 Apple | 9 Ios, Ipados, Iphone Os and 6 more | 2025-11-03 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. | ||||
| CVE-2025-43209 | 1 Apple | 10 Ios, Ipados, Iphone Os and 7 more | 2025-11-03 | 9.8 Critical |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sonoma 14.7.7, watchOS 11.6, visionOS 2.6, macOS Ventura 13.7.7. Processing maliciously crafted web content may lead to an unexpected Safari crash. | ||||
| CVE-2025-43186 | 1 Apple | 10 Ios, Ipados, Iphone Os and 7 more | 2025-11-03 | 9.8 Critical |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, visionOS 2.6, macOS Ventura 13.7.7. Parsing a file may lead to an unexpected app termination. | ||||
| CVE-2025-31281 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-11-03 | 9.1 Critical |
| An input validation issue was addressed with improved memory handling. This issue is fixed in visionOS 2.6, tvOS 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6. Processing a maliciously crafted file may lead to unexpected app termination. | ||||
| CVE-2025-31277 | 1 Apple | 9 Ios, Ipados, Iphone Os and 6 more | 2025-11-03 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption. | ||||
| CVE-2025-31276 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2025-11-03 | 5.3 Medium |
| This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off. | ||||
| CVE-2025-24224 | 1 Apple | 9 Ios, Ipados, Iphone Os and 6 more | 2025-11-03 | 7.5 High |
| The issue was addressed with improved checks. This issue is fixed in tvOS 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.9, macOS Sequoia 15.5, watchOS 11.5, visionOS 2.5, macOS Ventura 13.7.7. A remote attacker may be able to cause unexpected system termination. | ||||
| CVE-2025-43224 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-11-03 | 7.1 High |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 2.6, tvOS 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | ||||
| CVE-2025-43221 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-11-03 | 7.1 High |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, visionOS 2.6, tvOS 18.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | ||||
| CVE-2025-55029 | 2 Apple, Mozilla | 3 Ios, Firefox, Firefox For Ios | 2025-10-30 | 7.5 High |
| Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks This vulnerability affects Firefox for iOS < 142. | ||||
| CVE-2025-55028 | 2 Apple, Mozilla | 3 Ios, Firefox, Firefox For Ios | 2025-10-30 | 6.5 Medium |
| Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks This vulnerability affects Firefox for iOS < 142. | ||||
| CVE-2025-55030 | 2 Apple, Mozilla | 3 Ios, Firefox, Firefox For Ios | 2025-10-30 | 6.1 Medium |
| Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks This vulnerability affects Firefox for iOS < 142. | ||||
| CVE-2025-10859 | 2 Apple, Mozilla | 3 Ios, Firefox, Firefox For Ios | 2025-10-30 | 4 Medium |
| Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs This vulnerability affects Firefox for iOS < 143.1. | ||||
| CVE-2025-10290 | 2 Apple, Mozilla | 3 Ios, Firefox Focus, Focus For Ios | 2025-10-30 | 6.5 Medium |
| Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press This vulnerability affects Focus for iOS < 143.0. | ||||
| CVE-2025-55031 | 2 Apple, Mozilla | 5 Ios, Firefox, Firefox Focus and 2 more | 2025-10-30 | 9.8 Critical |
| Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability affects Firefox for iOS < 142 and Focus for iOS < 142. | ||||
| CVE-2025-55033 | 2 Apple, Mozilla | 3 Ios, Firefox Focus, Focus For Ios | 2025-10-30 | 6.1 Medium |
| Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS < 142. | ||||
| CVE-2025-55032 | 2 Apple, Mozilla | 3 Ios, Firefox Focus, Focus For Ios | 2025-10-30 | 6.1 Medium |
| Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks This vulnerability affects Focus for iOS < 142. | ||||
| CVE-2025-43200 | 1 Apple | 6 Ios, Ipados, Iphone Os and 3 more | 2025-10-30 | 4.2 Medium |
| This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. | ||||
| CVE-2025-55177 | 3 Apple, Facebook, Whatsapp | 7 Ios, Macos, Facebook and 4 more | 2025-10-24 | 5.4 Medium |
| Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users. | ||||
| CVE-2025-43282 | 1 Apple | 13 Ios, Ipad Os, Ipados and 10 more | 2025-10-21 | 5.5 Medium |
| A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, watchOS 11.6, tvOS 18.6, visionOS 2.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7, iPadOS 17.7.9. An app may be able to cause unexpected system termination. | ||||