iPadOS 17.6

[Apple ImageIO] Processing an image may lead to a denial-of-service

Microsoft Security Update Guide entry — NVD enrichira.

[Apple Kernel] A local attacker may be able to determine kernel memory layout

[Apple Sandbox] An app may be able to access protected user data

[Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination

[Apple AppleMobileFileIntegrity] An app may be able to bypass Privacy preferences

[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash

[Apple ImageIO] Processing a maliciously crafted file may lead to unexpected app termination

[Apple Photos Storage] Photos in the Hidden Photos Album may be viewed without authentication

[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash

[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash

[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash

[Apple ImageIO] Processing a maliciously crafted file may lead to unexpected app termination

[Apple WebKit] Processing maliciously crafted web content may lead to a cross site scripting attack

[Apple Siri] An attacker may be able to view sensitive user information

[Apple Shortcuts] A shortcut may be able to bypass Internet permission requirements

[Apple Kernel] A local attacker may be able to cause unexpected system shutdown

[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash

[Apple Shortcuts] An app may be able to access user-sensitive data

[Apple WebKit] Private Browsing tabs may be accessed without authentication

[Apple Family Sharing] An app may be able to read sensitive location information

[Apple CoreGraphics] Processing a maliciously crafted file may lead to unexpected app termination

[Apple libxpc] An app may be able to bypass Privacy preferences

[Apple ImageIO] Processing a maliciously crafted file may lead to unexpected app termination

[Apple Shortcuts] A shortcut may be able to bypass Internet permission requirements

[Apple Shortcuts] A shortcut may be able to bypass Internet permission requirements

[Apple Phone] An attacker with physical access may be able to use Siri to access sensitive user data

[Apple dyld] A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication

[Apple Siri] An attacker with physical access may be able to use Siri to access sensitive user data

[Apple Siri] An attacker with physical access to a device may be able to access contacts from the lock screen

[Apple Sandbox] An app may be able to bypass Privacy preferences

[Apple VoiceOver] A user may be able to view restricted content from the lock screen

[Apple Shortcuts] A shortcut may be able to use sensitive data with certain actions without prompting the user

[Apple Shortcuts] A shortcut may be able to use sensitive data with certain actions without prompting the user

[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash

[Apple Siri] A sandboxed app may be able to access sensitive user data in system logs

[Apple WebKit] A user may be able to bypass some web content restrictions

[Apple WebKit] Processing web content may lead to a denial-of-service

[Apple AirDrop] A file received from AirDrop may not have the quarantine flag applied

Chromium: CVE-2024-4558 Use after free in ANGLE