CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28207
https://notcve.org/view.php?id=CVE-2023-28207
21 Mar 2025 — The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A plug-in may be able to inherit app permissions and access user data. • https://support.apple.com/en-us/102784 • CWE-277: Insecure Inherited Permissions •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44305
https://notcve.org/view.php?id=CVE-2024-44305
20 Mar 2025 — This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.6. An app may be able to gain root privileges. • https://support.apple.com/en-us/120911 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-54564
https://notcve.org/view.php?id=CVE-2024-54564
20 Mar 2025 — This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied. • https://support.apple.com/en-us/120909 • CWE-276: Incorrect Default Permissions •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44199
https://notcve.org/view.php?id=CVE-2024-44199
20 Mar 2025 — An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause unexpected system termination or read kernel memory. • https://support.apple.com/en-us/120911 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-54551
https://notcve.org/view.php?id=CVE-2024-54551
20 Mar 2025 — The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service. • https://support.apple.com/en-us/120909 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44276
https://notcve.org/view.php?id=CVE-2024-44276
17 Mar 2025 — This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information. • https://support.apple.com/en-us/121837 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2025-24201 – Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-24201
11 Mar 2025 — An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions o... • https://support.apple.com/en-us/122281 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48610
https://notcve.org/view.php?id=CVE-2022-48610
10 Mar 2025 — This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. An app may be able to access user-sensitive data. • https://support.apple.com/en-us/102741 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43454
https://notcve.org/view.php?id=CVE-2022-43454
10 Mar 2025 — A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/102741 • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-54558
https://notcve.org/view.php?id=CVE-2024-54558
10 Mar 2025 — A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library. • https://support.apple.com/en-us/121238 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •