
CVE-2023-42977
https://notcve.org/view.php?id=CVE-2023-42977
11 Apr 2025 — A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to break out of its sandbox. • https://support.apple.com/en-us/120949 • CWE-20: Improper Input Validation •

CVE-2023-42961
https://notcve.org/view.php?id=CVE-2023-42961
11 Apr 2025 — A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. A sandboxed process may be able to circumvent sandbox restrictions. • https://support.apple.com/en-us/120328 •

CVE-2023-42970
https://notcve.org/view.php?id=CVE-2023-42970
11 Apr 2025 — A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution. • https://support.apple.com/en-us/120330 • CWE-416: Use After Free •

CVE-2023-38614
https://notcve.org/view.php?id=CVE-2023-38614
11 Apr 2025 — A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive user data. • https://support.apple.com/en-us/120949 • CWE-269: Improper Privilege Management •

CVE-2023-42875
https://notcve.org/view.php?id=CVE-2023-42875
11 Apr 2025 — Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling. • https://support.apple.com/en-us/120330 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-42969
https://notcve.org/view.php?id=CVE-2023-42969
11 Apr 2025 — An app may be able to break out of its sandbox. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. The issue was addressed with improved handling of caches. • https://support.apple.com/en-us/120328 • CWE-284: Improper Access Control •

CVE-2023-42973
https://notcve.org/view.php?id=CVE-2023-42973
11 Apr 2025 — Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and iPadOS 17. The issue was addressed with improved UI. • https://support.apple.com/en-us/120949 • CWE-285: Improper Authorization •

CVE-2025-24167 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-24167
31 Mar 2025 — This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A download's origin may be incorrectly associated. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 •

CVE-2025-30470 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-30470
31 Mar 2025 — A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to read sensitive location information. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-30427 – webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
https://notcve.org/view.php?id=CVE-2025-30427
31 Mar 2025 — A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash. ajajfxhj discovered that processing web content may lead to a d... • https://support.apple.com/en-us/122371 • CWE-400: Uncontrolled Resource Consumption • CWE-416: Use After Free •