iPadOS
iPadOS 17.7.7
Official advisory30 CVEs fixed by this release.
- Release date
- 2025-05-12
- End of support
- 2025-09-15 EOL
- CVEs fixed
- 30
- CISA KEV
- 0
- Critical
- 0
- High
- 1
- NVD pending
- 29
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2024-8176
[Apple libexpat] Multiple issues in libexpat, including unexpected app termination or arbitrary code execution |
HIGH 7.5 | — | [Apple libexpat] Multiple issues in libexpat, including unexpected app termination or arbitrary code execution | |
|
CVE-2025-24097
[Apple AirDrop] An app may be able to read arbitrary file metadata |
N/A | — | [Apple AirDrop] An app may be able to read arbitrary file metadata | |
|
CVE-2025-24111
[Apple Display] An app may be able to cause unexpected system termination |
N/A | — | [Apple Display] An app may be able to cause unexpected system termination | |
|
CVE-2025-24144
[Apple Kernel] An app may be able to leak sensitive kernel state |
N/A | — | [Apple Kernel] An app may be able to leak sensitive kernel state | |
|
CVE-2025-24213
[Apple WebKit] A type confusion issue could lead to memory corruption |
N/A | — | [Apple WebKit] A type confusion issue could lead to memory corruption | |
|
CVE-2025-24225
[Apple Mail Addressing] Processing an email may lead to user interface spoofing |
N/A | — | [Apple Mail Addressing] Processing an email may lead to user interface spoofing | |
|
CVE-2025-24259
[Apple Parental Controls] An app may be able to retrieve Safari bookmarks without an entitlement check |
N/A | — | [Apple Parental Controls] An app may be able to retrieve Safari bookmarks without an entitlement check | |
|
CVE-2025-30448
[Apple iCloud Document Sharing] An attacker may be able to turn on sharing of an iCloud folder without authentication |
N/A | — | [Apple iCloud Document Sharing] An attacker may be able to turn on sharing of an iCloud folder without authentication | |
|
CVE-2025-31196
[Apple CoreGraphics] Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memo… |
N/A | — | [Apple CoreGraphics] Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents | |
|
CVE-2025-31206
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-31208
[Apple CoreAudio] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple CoreAudio] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-31209
[Apple CoreGraphics] Parsing a file may lead to disclosure of user information |
N/A | — | [Apple CoreGraphics] Parsing a file may lead to disclosure of user information | |
|
CVE-2025-31210
[Apple FaceTime] Processing web content may lead to a denial-of-service |
N/A | — | [Apple FaceTime] Processing web content may lead to a denial-of-service | |
|
CVE-2025-31213
[Apple Security] An app may be able to access associated usernames and websites in a user's iCloud Keychain |
N/A | — | [Apple Security] An app may be able to access associated usernames and websites in a user's iCloud Keychain | |
|
CVE-2025-31215
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-31216
[Apple Wi-Fi] An attacker with physical access to a device may be able to override managed Wi-Fi profiles |
N/A | — | [Apple Wi-Fi] An attacker with physical access to a device may be able to override managed Wi-Fi profiles | |
|
CVE-2025-31217
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-31219
[Apple Kernel] An attacker may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple Kernel] An attacker may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2025-31220
[Apple Weather] A malicious app may be able to read sensitive location information |
N/A | — | [Apple Weather] A malicious app may be able to read sensitive location information | |
|
CVE-2025-31221
[Apple Security] A remote attacker may be able to leak memory |
N/A | — | [Apple Security] A remote attacker may be able to leak memory | |
|
CVE-2025-31226
[Apple ImageIO] Processing a maliciously crafted image may lead to a denial-of-service |
N/A | — | [Apple ImageIO] Processing a maliciously crafted image may lead to a denial-of-service | |
|
CVE-2025-31228
[Apple Notes] An attacker with physical access to a device may be able to access notes from the lock screen |
N/A | — | [Apple Notes] An attacker with physical access to a device may be able to access notes from the lock screen | |
|
CVE-2025-31233
[Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-31235
[Apple Audio] An app may be able to cause unexpected system termination |
N/A | — | [Apple Audio] An app may be able to cause unexpected system termination | |
|
CVE-2025-31239
[Apple CoreMedia] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple CoreMedia] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-31241
[Apple Kernel] A remote attacker may cause an unexpected app termination |
N/A | — | [Apple Kernel] A remote attacker may cause an unexpected app termination | |
|
CVE-2025-31242
[Apple StoreKit] An app may be able to access sensitive user data |
N/A | — | [Apple StoreKit] An app may be able to access sensitive user data | |
|
CVE-2025-31245
[Apple Pro Res] An app may be able to cause unexpected system termination |
N/A | — | [Apple Pro Res] An app may be able to cause unexpected system termination | |
|
CVE-2025-31251
[Apple AppleJPEG] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple AppleJPEG] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43374
[Apple Wi-Fi] An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory |
N/A | — | [Apple Wi-Fi] An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory |