iPadOS
iPadOS 18.1
Official advisory44 CVEs fixed by this release.
- Release date
- 2024-10-28
- End of support
- —
- CVEs fixed
- 44
- CISA KEV
- 0
- Critical
- 0
- High
- 0
- NVD pending
- 44
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2024-44201
[Apple libarchive] Processing a malicious crafted file may lead to a denial-of-service |
N/A | — | [Apple libarchive] Processing a malicious crafted file may lead to a denial-of-service | |
|
CVE-2024-40851
[Apple Siri] An attacker with physical access may be able to access contact photos from the lock screen |
N/A | — | [Apple Siri] An attacker with physical access may be able to access contact photos from the lock screen | |
|
CVE-2024-40854
[Apple GPU Drivers] An app may be able to cause unexpected system termination |
N/A | — | [Apple GPU Drivers] An app may be able to cause unexpected system termination | |
|
CVE-2024-40867
[Apple iTunes] A remote attacker may be able to break out of Web Content sandbox |
N/A | — | [Apple iTunes] A remote attacker may be able to break out of Web Content sandbox | |
|
CVE-2024-44194
[Apple Siri] An app may be able to access sensitive user data |
N/A | — | [Apple Siri] An app may be able to access sensitive user data | |
|
CVE-2024-44200
[Apple Siri] An app may be able to read sensitive location information |
N/A | — | [Apple Siri] An app may be able to read sensitive location information | |
|
CVE-2024-44212
[Apple WebKit] Cookies belonging to one origin may be sent to another origin |
N/A | — | [Apple WebKit] Cookies belonging to one origin may be sent to another origin | |
|
CVE-2024-44215
[Apple ImageIO] Processing an image may result in disclosure of process memory |
N/A | — | [Apple ImageIO] Processing an image may result in disclosure of process memory | |
|
CVE-2024-44218
[Apple SceneKit] Processing a maliciously crafted file may lead to heap corruption |
N/A | — | [Apple SceneKit] Processing a maliciously crafted file may lead to heap corruption | |
|
CVE-2024-44229
[Apple Safari Private Browsing] Private browsing may leak some browsing history |
N/A | — | [Apple Safari Private Browsing] Private browsing may leak some browsing history | |
|
CVE-2024-44232
[Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination |
N/A | — | [Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination | |
|
CVE-2024-44233
[Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination |
N/A | — | [Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination | |
|
CVE-2024-44234
[Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination |
N/A | — | [Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination | |
|
CVE-2024-44235
[Apple Spotlight] An attacker may be able to view restricted content from the lock screen |
N/A | — | [Apple Spotlight] An attacker may be able to view restricted content from the lock screen | |
|
CVE-2024-44238
[Apple IOMobileFrameBuffer] An app may be able to corrupt coprocessor memory |
N/A | — | [Apple IOMobileFrameBuffer] An app may be able to corrupt coprocessor memory | |
|
CVE-2024-44239
[Apple Kernel] An app may be able to leak sensitive kernel state |
N/A | — | [Apple Kernel] An app may be able to leak sensitive kernel state | |
|
CVE-2024-44240
[Apple CoreText] Processing a maliciously crafted font may result in the disclosure of process memory |
N/A | — | [Apple CoreText] Processing a maliciously crafted font may result in the disclosure of process memory | |
|
CVE-2024-44241
[Apple IOMobileFrameBuffer] An attacker may be able to cause unexpected system termination or arbitrary code execution … |
N/A | — | [Apple IOMobileFrameBuffer] An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware | |
|
CVE-2024-44242
[Apple IOMobileFrameBuffer] An attacker may be able to cause unexpected system termination or arbitrary code execution … |
N/A | — | [Apple IOMobileFrameBuffer] An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware | |
|
CVE-2024-44244
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2024-44251
[Apple Spotlight] An attacker may be able to view restricted content from the lock screen |
N/A | — | [Apple Spotlight] An attacker may be able to view restricted content from the lock screen | |
|
CVE-2024-44252
[Apple MobileBackup] Restoring a maliciously crafted backup file may lead to modification of protected system files |
N/A | — | [Apple MobileBackup] Restoring a maliciously crafted backup file may lead to modification of protected system files | |
|
CVE-2024-44254
[Apple Shortcuts] An app may be able to access sensitive user data |
N/A | — | [Apple Shortcuts] An app may be able to access sensitive user data | |
|
CVE-2024-44255
[Apple App Support] A malicious app may be able to run arbitrary shortcuts without user consent |
N/A | — | [Apple App Support] A malicious app may be able to run arbitrary shortcuts without user consent | |
|
CVE-2024-44258
[Apple Managed Configuration] Restoring a maliciously crafted backup file may lead to modification of protected system … |
N/A | — | [Apple Managed Configuration] Restoring a maliciously crafted backup file may lead to modification of protected system files | |
|
CVE-2024-44259
[Apple Safari Downloads] An attacker may be able to misuse a trust relationship to download malicious content |
N/A | — | [Apple Safari Downloads] An attacker may be able to misuse a trust relationship to download malicious content | |
|
CVE-2024-44261
[Apple VoiceOver] An attacker may be able to view restricted content from the lock screen |
N/A | — | [Apple VoiceOver] An attacker may be able to view restricted content from the lock screen | |
|
CVE-2024-44263
[Apple Siri] An app may be able to access user-sensitive data |
N/A | — | [Apple Siri] An app may be able to access user-sensitive data | |
|
CVE-2024-44269
[Apple Shortcuts] A malicious app may use shortcuts to access restricted files |
N/A | — | [Apple Shortcuts] A malicious app may use shortcuts to access restricted files | |
|
CVE-2024-44273
[Apple CoreMedia Playback] A malicious app may be able to access private information |
N/A | — | [Apple CoreMedia Playback] A malicious app may be able to access private information | |
|
CVE-2024-44274
[Apple Accessibility] An attacker with physical access to a locked device may be able to view sensitive user information |
N/A | — | [Apple Accessibility] An attacker with physical access to a locked device may be able to view sensitive user information | |
|
CVE-2024-44277
[Apple Pro Res] An app may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple Pro Res] An app may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2024-44278
[Apple Siri] A sandboxed app may be able to access sensitive user data in system logs |
N/A | — | [Apple Siri] A sandboxed app may be able to access sensitive user data in system logs | |
|
CVE-2024-44282
[Apple Foundation] Parsing a file may lead to disclosure of user information |
N/A | — | [Apple Foundation] Parsing a file may lead to disclosure of user information | |
|
CVE-2024-44285
[Apple IOSurface] An app may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple IOSurface] An app may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2024-44290
[Apple Weather] An app may be able to determine a user’s current location |
N/A | — | [Apple Weather] An app may be able to determine a user’s current location | |
|
CVE-2024-44296
[Apple WebKit] Processing maliciously crafted web content may prevent Content Security Policy from being enforced |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may prevent Content Security Policy from being enforced | |
|
CVE-2024-44297
[Apple ImageIO] Processing a maliciously crafted message may lead to a denial-of-service |
N/A | — | [Apple ImageIO] Processing a maliciously crafted message may lead to a denial-of-service | |
|
CVE-2024-44299
[Apple IOMobileFrameBuffer] An attacker may be able to cause unexpected system termination or arbitrary code execution … |
N/A | — | [Apple IOMobileFrameBuffer] An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware | |
|
CVE-2024-44302
[Apple CoreText] Processing a maliciously crafted font may result in the disclosure of process memory |
N/A | — | [Apple CoreText] Processing a maliciously crafted font may result in the disclosure of process memory | |
|
CVE-2024-54470
[Apple Siri] An attacker with physical access may be able to access contacts from the lock screen |
N/A | — | [Apple Siri] An attacker with physical access may be able to access contacts from the lock screen | |
|
CVE-2024-54535
[Apple Calendar] An attacker with access to calendar data could also read reminders |
N/A | — | [Apple Calendar] An attacker with access to calendar data could also read reminders | |
|
CVE-2024-54538
[Apple Security] A remote attacker may be able to cause a denial-of-service |
N/A | — | [Apple Security] A remote attacker may be able to cause a denial-of-service | |
|
CVE-2024-54556
[Apple WidgetKit] A user may be able to view restricted content from the lock screen |
N/A | — | [Apple WidgetKit] A user may be able to view restricted content from the lock screen |