KEV category
Apple endpoint KEV entries — Mac, iPhone, iPad
Vulnerabilities being actively exploited on Apple endpoints — Macs, iPhones, iPads. These devices typically handle email, browse client portals, and store device-local files — exploitation gives an attacker access to that data on the device. Updated daily from the CISA KEV catalog.
- CVE-2025-43510 (Plan to patch)
Apple Multiple Products Improper Locking Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes.
- CVE-2025-43520 (Monitor)
Apple Multiple Products Classic Buffer Overflow Vulnerability
Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory.
- CVE-2025-31277 (Plan to patch)
Apple Multiple Products Buffer Overflow Vulnerability
Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.
- CVE-2023-43000 (Plan to patch)
Apple Multiple Products Use-After-Free Vulnerability
Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption.
- CVE-2021-30952 (Plan to patch)
Apple Multiple Products Integer Overflow or Wraparound Vulnerability
Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution.
- CVE-2023-41974 (Plan to patch)
Apple iOS and iPadOS Use-After-Free Vulnerability
Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.
- CVE-2026-20700 (Plan to patch)
Apple Multiple Buffer Overflow Vulnerability
Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write capability to execute arbitrary code.
- CVE-2025-43529 (Plan to patch)
Apple Multiple Products Use-After-Free WebKit Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2022-48503 (Plan to patch)
Apple Multiple Products Unspecified Vulnerability
Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
- CVE-2025-43300 (Patch this week)
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
- CVE-2025-43200 (Monitor)
Apple Multiple Products Unspecified Vulnerability
Apple iOS, iPadOS, macOS, watchOS, and visionOS contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.
- CVE-2025-31201 (Patch this week)
Apple Multiple Products Arbitrary Read and Write Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.
- CVE-2025-31200 (Patch this week)
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.
- CVE-2025-24201 (Patch this week)
Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2025-24200 (Monitor)
Apple iOS and iPadOS Incorrect Authorization Vulnerability
Apple iOS and iPadOS contain an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.
- CVE-2025-24085 (Patch this week)
Apple Multiple Products Use-After-Free Vulnerability
Apple iOS, macOS, and other Apple products contain a use-after-free vulnerability that could allow a malicious application to elevate privileges.
- CVE-2024-44309 (Monitor)
Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability
Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack.
- CVE-2024-44308 (Plan to patch)
Apple Multiple Products Code Execution Vulnerability
Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.
- CVE-2024-23225 (Plan to patch)
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
- CVE-2024-23296 (Plan to patch)
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
- CVE-2022-48618 (Plan to patch)
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.
- CVE-2024-23222 (Plan to patch)
Apple Multiple Products WebKit Type Confusion Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2023-41990 (Plan to patch)
Apple Multiple Products Code Execution Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.
- CVE-2023-42917 (Plan to patch)
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2023-42916 (Monitor)
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2023-42824 (Plan to patch)
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation.
- CVE-2023-41991 (Monitor)
Apple Multiple Products Improper Certificate Validation Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.
- CVE-2023-41992 (Plan to patch)
Apple Multiple Products Kernel Privilege Escalation Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.
- CVE-2023-41993 (Plan to patch)
Apple Multiple Products WebKit Code Execution Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2023-41064 (Plan to patch)
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061.
- CVE-2023-41061 (Plan to patch)
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064.
- CVE-2023-38606 (Monitor)
Apple Multiple Products Kernel Unspecified Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state.
- CVE-2023-37450 (Plan to patch)
Apple Multiple Products WebKit Code Execution Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2023-32434 (Plan to patch)
Apple Multiple Products Integer Overflow Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges.
- CVE-2023-32435 (Plan to patch)
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2023-32439 (Plan to patch)
Apple Multiple Products WebKit Type Confusion Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2023-32409 (Plan to patch)
Apple Multiple Products WebKit Sandbox Escape Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2023-28204 (Monitor)
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2023-32373 (Plan to patch)
Apple Multiple Products WebKit Use-After-Free Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2019-8526 (Plan to patch)
Apple macOS Use-After-Free Vulnerability
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.
- CVE-2023-28205 (Plan to patch)
Apple Multiple Products WebKit Use-After-Free Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2023-28206 (Plan to patch)
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.
- CVE-2021-30900 (Plan to patch)
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.
- CVE-2023-23529 (Plan to patch)
Apple Multiple Products WebKit Type Confusion Vulnerability
Apple iOS, macOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2022-42856 (Plan to patch)
Apple iOS Type Confusion Vulnerability
Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution.
- CVE-2022-42827 (Plan to patch)
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges.
- CVE-2022-32917 (Plan to patch)
Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability
Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges.
- CVE-2020-9934 (Monitor)
Apple iOS, iPadOS, and macOS Input Validation Vulnerability
Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information.
- CVE-2021-31010 (Plan to patch)
Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability
In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions.
- CVE-2022-32894 (Plan to patch)
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges.
- CVE-2022-32893 (Plan to patch)
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing maliciously crafted web content.
- CVE-2021-30983 (Plan to patch)
Apple iOS and iPadOS Buffer Overflow Vulnerability
Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges.
- CVE-2020-3837 (Plan to patch)
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
- CVE-2020-9907 (Plan to patch)
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
- CVE-2019-8605 (Plan to patch)
Apple Multiple Products Use-After-Free Vulnerability
A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges.
- CVE-2018-4344 (Plan to patch)
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution.
- CVE-2016-4655 (Monitor)
Apple iOS Information Disclosure Vulnerability
The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application.
- CVE-2016-4656 (Plan to patch)
Apple iOS Memory Corruption Vulnerability
A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service (DoS) via a crafted application.
- CVE-2016-4657 (Plan to patch)
Apple iOS WebKit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2019-7286 (Plan to patch)
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation.
- CVE-2021-30883 (Plan to patch)
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution.
- CVE-2019-7287 (Plan to patch)
Apple iOS Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution.
- CVE-2021-1789 (Plan to patch)
Apple Multiple Products Type Confusion Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.
- CVE-2019-8506 (Plan to patch)
Apple Multiple Products Type Confusion Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.
- CVE-2022-22675 (Plan to patch)
Apple macOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.
- CVE-2022-22674 (Monitor)
Apple macOS Out-of-Bounds Read Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.
- CVE-2022-22620 (Plan to patch)
Apple iOS, iPadOS, and macOS WebKit Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2015-1130 (Plan to patch)
Apple OS X Authentication Bypass Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges.
- CVE-2014-4404 (Plan to patch)
Apple OS X Heap-Based Buffer Overflow Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
A heap-based buffer overflow in IOHIDFamily in Apple OS X, which also affects iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context.
- CVE-2022-22587 (Patch this week)
Apple Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges.
- CVE-2021-30858 (Plan to patch)
Apple iOS, iPadOS, macOS Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2019-6223 (Plan to patch)
Apple iOS and macOS Group FaceTime Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user interaction.
- CVE-2021-30860 (Plan to patch)
Apple Multiple Products Integer Overflow Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY.
- CVE-2020-27930 (Plan to patch)
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing a maliciously crafted font.
- CVE-2021-30807 (Plan to patch)
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.
- CVE-2020-27950 (Monitor)
Apple Multiple Products Memory Initialization Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.
- CVE-2020-27932 (Plan to patch)
Apple Multiple Products Type Confusion Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.
- CVE-2020-9818 (Plan to patch)
Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message.
- CVE-2020-9819 (Monitor)
Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message.
- CVE-2021-30762 (Plan to patch)
Apple iOS WebKit Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2021-1782 (Plan to patch)
Apple Multiple Products Race Condition Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges.
- CVE-2021-1870 (Patch this week)
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2021-1871 (Patch this week)
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2021-1879 (Monitor)
Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2021-30661 (Plan to patch)
Apple Multiple Products WebKit Storage Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2021-30666 (Plan to patch)
Apple iOS WebKit Buffer Overflow Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2021-30713 (Plan to patch)
Apple macOS Unspecified Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.
- CVE-2021-30657 (Monitor)
Apple macOS Unspecified Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks.
- CVE-2021-30665 (Plan to patch)
Apple Multiple Products WebKit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2021-30663 (Plan to patch)
Apple Multiple Products WebKit Integer Overflow Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2021-30761 (Plan to patch)
Apple iOS WebKit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
- CVE-2021-30869 (Plan to patch)
Apple iOS, iPadOS, and macOS Type Confusion Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU kernel which may allow a malicious application to execute code with kernel privileges.
- CVE-2020-9859 (Plan to patch)
Apple Multiple Products Code Execution Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges.
