Page 3 of 312 results (0.014 seconds)

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

12 May 2025 — This issue was addressed through improved state management. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. An app may be able to access sensitive user data. macOS Sequoia 15.5 addresses bypass, code execution, double free, information leakage, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122404 • CWE-284: Improper Access Control •

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0

12 May 2025 — The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination. macOS Ventura 13.7.6 addresses bypass, code execution, double free, information leakage, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122404 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

12 May 2025 — The issue was addressed with improved authentication. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access notes from the lock screen. iPadOS 17.7.7 addresses code execution, double free, information leakage, integer overflow, out of bounds read, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122404 • CWE-287: Improper Authentication •

CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0

12 May 2025 — The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio... • https://support.apple.com/en-us/122404 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

12 May 2025 — A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps may still appear in spotlight search results. iOS 18.5 and iPadOS 18.5 addresses code execution, double free, integer overflow, out of bounds read, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122404 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

12 May 2025 — The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that ... • https://support.apple.com/en-us/122404 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

12 May 2025 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to disclosure of user information. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreGraphics framework is required to exploit this vulnerability but attack vect... • https://support.apple.com/en-us/122404 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

12 May 2025 — The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin. A flaw was found in WebKitGTK. A malicious website may steal data cross-origin due to improper security checks within the web browser or rendering engine, leading to unauthorized disclosure of information. • https://support.apple.com/en-us/122404 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 0

12 May 2025 — This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia 15.4. An attacker may be able to turn on sharing of an iCloud folder without authentication. macOS Ventura 13.7.6 addresses bypass, code execution, double free, information leakage, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122373 • CWE-862: Missing Authorization •

CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0

12 May 2025 — The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory. macOS Sequoia 15.5 addresses bypass, code execution, double free, information leakage, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122404 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •