iPadOS
iPadOS 17.7.6
Official advisory50 CVEs fixed by this release.
- Release date
- 2025-03-31
- End of support
- 2025-09-15 EOL
- CVEs fixed
- 50
- CISA KEV
- 2
- Critical
- 0
- High
- 1
- NVD pending
- 47
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2025-24085
KEV
[Apple CoreMedia] A malicious application may be able to elevate privileges. Apple is aware of a report that this issue… |
N/A | KEV | [Apple CoreMedia] A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited agains… | |
|
CVE-2025-24201
KEV
[Apple WebKit] Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary… |
N/A | KEV | [Apple WebKit] Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in i… | |
|
CVE-2024-56171
[Apple libxml2] Parsing a file may lead to an unexpected app termination |
HIGH 7.8 | — | [Apple libxml2] Parsing a file may lead to an unexpected app termination | |
|
CVE-2024-9681
[Apple curl] An input validation issue was addressed |
MEDIUM 6.5 | — | [Apple curl] An input validation issue was addressed | |
|
CVE-2025-27113
[Apple libxml2] Parsing a file may lead to an unexpected app termination |
LOW 2.9 | — | [Apple libxml2] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-30465
[Apple Shortcuts] A shortcut may be able to access files that are normally inaccessible to the Shortcuts app |
N/A | — | [Apple Shortcuts] A shortcut may be able to access files that are normally inaccessible to the Shortcuts app | |
|
CVE-2024-54502
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2024-54508
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2024-54534
[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2024-54543
[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-24113
[Apple Safari] Visiting a malicious website may lead to user interface spoofing |
N/A | — | [Apple Safari] Visiting a malicious website may lead to user interface spoofing | |
|
CVE-2025-24131
[Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service |
N/A | — | [Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service | |
|
CVE-2025-24173
[Apple Power Services] An app may be able to break out of its sandbox |
N/A | — | [Apple Power Services] An app may be able to break out of its sandbox | |
|
CVE-2025-24177
[Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service |
N/A | — | [Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service | |
|
CVE-2025-24178
[Apple libxpc] An app may be able to break out of its sandbox |
N/A | — | [Apple libxpc] An app may be able to break out of its sandbox | |
|
CVE-2025-24179
[Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service |
N/A | — | [Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service | |
|
CVE-2025-24190
[Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-24198
[Apple Siri] An attacker with physical access may be able to use Siri to access sensitive user data |
N/A | — | [Apple Siri] An attacker with physical access may be able to use Siri to access sensitive user data | |
|
CVE-2025-24203
[Apple Kernel] An app may be able to modify protected parts of the file system |
N/A | — | [Apple Kernel] An app may be able to modify protected parts of the file system | |
|
CVE-2025-24205
[Apple Siri] An app may be able to access user-sensitive data |
N/A | — | [Apple Siri] An app may be able to access user-sensitive data | |
|
CVE-2025-24206
[Apple AirPlay] An attacker on the local network may be able to bypass authentication policy |
N/A | — | [Apple AirPlay] An attacker on the local network may be able to bypass authentication policy | |
|
CVE-2025-24209
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-24210
[Apple ImageIO] Parsing an image may lead to disclosure of user information |
N/A | — | [Apple ImageIO] Parsing an image may lead to disclosure of user information | |
|
CVE-2025-24211
[Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-24212
[Apple Calendar] An app may be able to break out of its sandbox |
N/A | — | [Apple Calendar] An app may be able to break out of its sandbox | |
|
CVE-2025-24215
[Apple CloudKit] A malicious app may be able to access private information |
N/A | — | [Apple CloudKit] A malicious app may be able to access private information | |
|
CVE-2025-24216
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-24221
[Apple Accounts] Sensitive keychain data may be accessible from an iOS backup |
N/A | — | [Apple Accounts] Sensitive keychain data may be accessible from an iOS backup | |
|
CVE-2025-24230
[Apple CoreAudio] Playing a malicious audio file may lead to an unexpected app termination |
N/A | — | [Apple CoreAudio] Playing a malicious audio file may lead to an unexpected app termination | |
|
CVE-2025-24237
[Apple BiometricKit] An app may be able to cause unexpected system termination |
N/A | — | [Apple BiometricKit] An app may be able to cause unexpected system termination | |
|
CVE-2025-24243
[Apple Audio] Processing a maliciously crafted file may lead to arbitrary code execution |
N/A | — | [Apple Audio] Processing a maliciously crafted file may lead to arbitrary code execution | |
|
CVE-2025-24244
[Apple Audio] Processing a maliciously crafted font may result in the disclosure of process memory |
N/A | — | [Apple Audio] Processing a maliciously crafted font may result in the disclosure of process memory | |
|
CVE-2025-24251
[Apple AirPlay] An attacker on the local network may cause an unexpected app termination |
N/A | — | [Apple AirPlay] An attacker on the local network may cause an unexpected app termination | |
|
CVE-2025-24252
[Apple AirPlay] An attacker on the local network may be able to corrupt process memory |
N/A | — | [Apple AirPlay] An attacker on the local network may be able to corrupt process memory | |
|
CVE-2025-24264
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-24270
[Apple AirPlay] An attacker on the local network may be able to leak sensitive user information |
N/A | — | [Apple AirPlay] An attacker on the local network may be able to leak sensitive user information | |
|
CVE-2025-24271
[Apple AirPlay] An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without p… |
N/A | — | [Apple AirPlay] An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without pairing | |
|
CVE-2025-30425
[Apple WebKit] A malicious website may be able to track users in Safari private browsing mode |
N/A | — | [Apple WebKit] A malicious website may be able to track users in Safari private browsing mode | |
|
CVE-2025-30426
[Apple NetworkExtension] An app may be able to enumerate a user's installed apps |
N/A | — | [Apple NetworkExtension] An app may be able to enumerate a user's installed apps | |
|
CVE-2025-30427
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-30428
[Apple Photos] Photos in the Hidden Photos Album may be viewed without authentication |
N/A | — | [Apple Photos] Photos in the Hidden Photos Album may be viewed without authentication | |
|
CVE-2025-30429
[Apple Calendar] An app may be able to break out of its sandbox |
N/A | — | [Apple Calendar] An app may be able to break out of its sandbox | |
|
CVE-2025-30432
[Apple Kernel] A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating … |
N/A | — | [Apple Kernel] A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures | |
|
CVE-2025-30433
[Apple Shortcuts] A shortcut may be able to access files that are normally inaccessible to the Shortcuts app |
N/A | — | [Apple Shortcuts] A shortcut may be able to access files that are normally inaccessible to the Shortcuts app | |
|
CVE-2025-30445
[Apple AirPlay] An attacker on the local network may cause an unexpected app termination |
N/A | — | [Apple AirPlay] An attacker on the local network may cause an unexpected app termination | |
|
CVE-2025-30447
[Apple Foundation] An app may be able to access sensitive user data |
N/A | — | [Apple Foundation] An app may be able to access sensitive user data | |
|
CVE-2025-30471
[Apple Security] A remote user may be able to cause a denial-of-service |
N/A | — | [Apple Security] A remote user may be able to cause a denial-of-service | |
|
CVE-2025-31197
[Apple AirPlay] An attacker on the local network may cause an unexpected app termination |
N/A | — | [Apple AirPlay] An attacker on the local network may cause an unexpected app termination | |
|
CVE-2025-31203
[Apple CoreUtils] An attacker on the local network may be able to cause a denial-of-service |
N/A | — | [Apple CoreUtils] An attacker on the local network may be able to cause a denial-of-service | |
|
CVE-2025-43205
[Apple Audio] An app may be able to bypass ASLR |
N/A | — | [Apple Audio] An app may be able to bypass ASLR |