Skip to content
Appaloosa Scout

iPadOS

iPadOS 17.5

Official advisory

49 CVEs fixed by this release.

Release date
2024-05-13
End of support
2025-09-15 EOL
CVEs fixed
49
CISA KEV
0
Critical
0
High
0
NVD pending
49

CVEs fixed

CVE Severity
CVE-2024-27826

[Apple Apple Neural Engine] A local attacker may be able to cause unexpected system shutdown

 N/A
CVE-2023-42893

[Apple Libsystem] An app may be able to access protected user data

 N/A
CVE-2024-23251

[Apple Mail] An attacker with physical access may be able to leak Mail account credentials

 N/A
CVE-2024-23282

[Apple Mail] A maliciously crafted email may be able to initiate FaceTime calls without user authorization

 N/A
CVE-2024-27796

[Apple AVEVideoEncoder] A user may be able to elevate privileges

 N/A
CVE-2024-27800

[Apple AVEVideoEncoder] Processing a maliciously crafted message may lead to a denial-of-service

 N/A
CVE-2024-27801

[Apple Foundation] An app may be able to elevate privileges

 N/A
CVE-2024-27802

[Apple AVEVideoEncoder] Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code …

 N/A
CVE-2024-27803

[Apple Screenshots] An attacker with physical access may be able to share items from the lock screen

 N/A
CVE-2024-27804

[Apple AppleAVD] An app may be able to cause unexpected system termination

 N/A
CVE-2024-27805

[Apple AVEVideoEncoder] An app may be able to access sensitive user data

 N/A
CVE-2024-27806

[Apple AVEVideoEncoder] An app may be able to access sensitive user data

 N/A
CVE-2024-27807

[Apple Symptom Framework] An app may be able to circumvent App Privacy Report logging

 N/A
CVE-2024-27808

[Apple WebKit] Processing web content may lead to arbitrary code execution

 N/A
CVE-2024-27810

[Apple AVEVideoEncoder] An app may be able to read sensitive location information

 N/A
CVE-2024-27811

[Apple libiconv] An app may be able to elevate privileges

 N/A
CVE-2024-27815

[Apple Kernel] An app may be able to execute arbitrary code with kernel privileges

 N/A
CVE-2024-27816

[Apple AppleMobileFileIntegrity] An attacker may be able to access user data

 N/A
CVE-2024-27817

[Apple AVEVideoEncoder] An app may be able to execute arbitrary code with kernel privileges

 N/A
CVE-2024-27818

[Apple Kernel] An attacker may be able to cause unexpected app termination or arbitrary code execution

 N/A
CVE-2024-27819

[Apple Siri] An attacker with physical access may be able to access contacts from the lock screen

 N/A
CVE-2024-27820

[Apple WebKit Web Inspector] Processing web content may lead to arbitrary code execution

 N/A
CVE-2024-27821

[Apple Shortcuts] A shortcut may output sensitive user data without consent

 N/A
CVE-2024-27823

[Apple AVEVideoEncoder] An attacker in a privileged network position may be able to spoof network packets

 N/A
CVE-2024-27828

[Apple IOSurface] An app may be able to execute arbitrary code with kernel privileges

 N/A
CVE-2024-27830

[Apple WebKit Canvas] A maliciously crafted webpage may be able to fingerprint the user

 N/A
CVE-2024-27831

[Apple AVEVideoEncoder] Processing a file may lead to unexpected app termination or arbitrary code execution

 N/A
CVE-2024-27832

[Apple Disk Images] An app may be able to elevate privileges

 N/A
CVE-2024-27833

[Apple WebKit] Processing maliciously crafted web content may lead to arbitrary code execution

 N/A
CVE-2024-27834

[Apple WebKit] An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication

 N/A
CVE-2024-27835

[Apple Notes] An attacker with physical access to an iOS device may be able to access notes from the lock screen

 N/A
CVE-2024-27836

[Apple ImageIO] Processing a maliciously crafted image may lead to arbitrary code execution

 N/A
CVE-2024-27838

[Apple WebKit] A maliciously crafted webpage may be able to fingerprint the user

 N/A
CVE-2024-27839

[Apple Find My] A malicious application may be able to determine a user's current location

 N/A
CVE-2024-27840

[Apple AVEVideoEncoder] An attacker that has already achieved kernel code execution may be able to bypass kernel memory…

 N/A
CVE-2024-27841

[Apple AVEVideoEncoder] An app may be able to disclose kernel memory

 N/A
CVE-2024-27845

[Apple Notes] An app may be able to access Notes attachments

 N/A
CVE-2024-27847

[Apple AVEVideoEncoder] An app may be able to bypass Privacy preferences

 N/A
CVE-2024-27848

[Apple StorageKit] A malicious app may be able to gain root privileges

 N/A
CVE-2024-27850

[Apple WebKit] A maliciously crafted webpage may be able to fingerprint the user

 N/A
CVE-2024-27851

[Apple WebKit] Processing maliciously crafted web content may lead to arbitrary code execution

 N/A
CVE-2024-27852

[Apple MarketplaceKit] A maliciously crafted webpage may be able to distribute a script that tracks users on other webp…

 N/A
CVE-2024-27855

[Apple AVEVideoEncoder] A shortcut may be able to use sensitive data with certain actions without prompting the user

 N/A
CVE-2024-27856

[Apple WebKit] Processing a file may lead to unexpected app termination or arbitrary code execution

 N/A
CVE-2024-27857

[Apple Metal] A remote attacker may be able to cause unexpected app termination or arbitrary code execution

 N/A
CVE-2024-27884

[Apple Transparency] An app may be able to access user-sensitive data

 N/A
CVE-2024-40771

[Apple AVEVideoEncoder] An app may be able to execute arbitrary code with kernel privileges

 N/A
CVE-2024-40839

[Apple Status Bar] An attacker with physical access to an iOS device may be able to view notification contents from the…

 N/A
CVE-2024-44136

[Apple Face ID] An attacker with physical access to a device may be able to disable Stolen Device Protection

 N/A