CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-54564
https://notcve.org/view.php?id=CVE-2024-54564
20 Mar 2025 — This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied. • https://support.apple.com/en-us/120909 • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44276
https://notcve.org/view.php?id=CVE-2024-44276
17 Mar 2025 — This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information. • https://support.apple.com/en-us/121837 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2025-24201 – Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-24201
11 Mar 2025 — An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions o... • https://support.apple.com/en-us/122281 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-54558
https://notcve.org/view.php?id=CVE-2024-54558
10 Mar 2025 — A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library. • https://support.apple.com/en-us/121238 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-54467 – Debian Security Advisory 5885-1
https://notcve.org/view.php?id=CVE-2024-54467
10 Mar 2025 — A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. Tashita Software Security discovered that processing maliciously crafted web content may lead to an unexpected process crash. Narendra Bhati discovered that a malicious website may exfiltrate data cross-origin. • https://support.apple.com/en-us/121238 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44227
https://notcve.org/view.php?id=CVE-2024-44227
10 Mar 2025 — The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory. • https://support.apple.com/en-us/121238 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-54560
https://notcve.org/view.php?id=CVE-2024-54560
10 Mar 2025 — A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be able to modify other apps without having App Management permission. • https://support.apple.com/en-us/121238 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-44192 – Debian Security Advisory 5885-1
https://notcve.org/view.php?id=CVE-2024-44192
10 Mar 2025 — The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash. Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial o... • https://support.apple.com/en-us/121238 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-54469
https://notcve.org/view.php?id=CVE-2024-54469
10 Mar 2025 — The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. A local user may be able to leak sensitive user information. • https://support.apple.com/en-us/121234 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.6EPSS: 16%CPEs: 4EXPL: 1CVE-2025-24200 – Apple iOS and iPadOS Incorrect Authorization Vulnerability
https://notcve.org/view.php?id=CVE-2025-24200
10 Feb 2025 — An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. iOS 18.3.1 and iPadOS 18.3.1 releases address a physical attack vulnerability on USB Restricted Mode. Apple iOS and iPadOS contains an incorrect authorization vul... • https://github.com/McTavishSue/CVE-2025-24200 • CWE-863: Incorrect Authorization •