CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43454
https://notcve.org/view.php?id=CVE-2022-43454
10 Mar 2025 — A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/102741 • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-54558
https://notcve.org/view.php?id=CVE-2024-54558
10 Mar 2025 — A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library. • https://support.apple.com/en-us/121238 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-54467 – webkitgtk: A malicious website may exfiltrate data cross-origin
https://notcve.org/view.php?id=CVE-2024-54467
10 Mar 2025 — A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. A flaw was found in WebKitGTK. A malicious website may exfiltrate data cross-origin due to a cookie management issue related to improper state management. • https://support.apple.com/en-us/121238 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44179
https://notcve.org/view.php?id=CVE-2024-44179
10 Mar 2025 — This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a device may be able to read contact numbers from the lock screen. • https://support.apple.com/en-us/121238 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44227
https://notcve.org/view.php?id=CVE-2024-44227
10 Mar 2025 — The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory. • https://support.apple.com/en-us/121238 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-54560
https://notcve.org/view.php?id=CVE-2024-54560
10 Mar 2025 — A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be able to modify other apps without having App Management permission. • https://support.apple.com/en-us/121238 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-44192 – webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
https://notcve.org/view.php?id=CVE-2024-44192
10 Mar 2025 — The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash. A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper checks. • https://support.apple.com/en-us/121238 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-54469
https://notcve.org/view.php?id=CVE-2024-54469
10 Mar 2025 — The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. A local user may be able to leak sensitive user information. • https://support.apple.com/en-us/121234 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.6EPSS: 24%CPEs: 4EXPL: 1CVE-2025-24200 – Apple iOS and iPadOS Incorrect Authorization Vulnerability
https://notcve.org/view.php?id=CVE-2025-24200
10 Feb 2025 — An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. iOS 18.3.1 and iPadOS 18.3.1 releases address a physical attack vulnerability on USB Restricted Mode. Apple iOS and iPadOS contains an incorrect authorization vul... • https://github.com/McTavishSue/CVE-2025-24200 • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-27859
https://notcve.org/view.php?id=CVE-2024-27859
10 Feb 2025 — The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to arbitrary code execution. El problema se solucionó mejorando la gestión de la memoria. Este problema se solucionó en iOS 17.4 y iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1 y macOS Sonoma 14.4. • https://support.apple.com/en-us/120881 • CWE-94: Improper Control of Generation of Code ('Code Injection') •