iPadOS

iPadOS 17.7.1

23 CVEs fixed by this release.

Release date: 2024-10-28
End of support: 2025-09-15 EOL
CVEs fixed: 23

CISA KEV: 0
Critical: 0
High: 0
NVD pending: 23

CVEs fixed

CVE	Severity	KEV	Published	Description
CVE-2024-40854 2024-10-28 [Apple GPU Drivers] An app may be able to cause unexpected system termination	N/A	—	2024-10-28	[Apple GPU Drivers] An app may be able to cause unexpected system termination
CVE-2024-44144 2024-10-28 [Apple SceneKit] Processing a maliciously crafted file may lead to unexpected app termination	N/A	—	2024-10-28	[Apple SceneKit] Processing a maliciously crafted file may lead to unexpected app termination
CVE-2024-44155 2024-10-28 [Apple Safari] Maliciously crafted web content may violate iframe sandboxing policy	N/A	—	2024-10-28	[Apple Safari] Maliciously crafted web content may violate iframe sandboxing policy
CVE-2024-44215 2024-10-28 [Apple ImageIO] Processing an image may result in disclosure of process memory	N/A	—	2024-10-28	[Apple ImageIO] Processing an image may result in disclosure of process memory
CVE-2024-44218 2024-10-28 [Apple SceneKit] Processing a maliciously crafted file may lead to heap corruption	N/A	—	2024-10-28	[Apple SceneKit] Processing a maliciously crafted file may lead to heap corruption
CVE-2024-44232 2024-10-28 [Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination	N/A	—	2024-10-28	[Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination
CVE-2024-44233 2024-10-28 [Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination	N/A	—	2024-10-28	[Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination
CVE-2024-44234 2024-10-28 [Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination	N/A	—	2024-10-28	[Apple AppleAVD] Parsing a maliciously crafted video file may lead to unexpected system termination
CVE-2024-44239 2024-10-28 [Apple Kernel] An app may be able to leak sensitive kernel state	N/A	—	2024-10-28	[Apple Kernel] An app may be able to leak sensitive kernel state
CVE-2024-44240 2024-10-28 [Apple CoreText] Processing a maliciously crafted font may result in the disclosure of process memory	N/A	—	2024-10-28	[Apple CoreText] Processing a maliciously crafted font may result in the disclosure of process memory
CVE-2024-44252 2024-10-28 [Apple MobileBackup] Restoring a maliciously crafted backup file may lead to modification of protected system files	N/A	—	2024-10-28	[Apple MobileBackup] Restoring a maliciously crafted backup file may lead to modification of protected system files
CVE-2024-44258 2024-10-28 [Apple Managed Configuration] Restoring a maliciously crafted backup file may lead to modification of protected system …	N/A	—	2024-10-28	[Apple Managed Configuration] Restoring a maliciously crafted backup file may lead to modification of protected system files
CVE-2024-44259 2024-10-28 [Apple Safari Downloads] An attacker may be able to misuse a trust relationship to download malicious content	N/A	—	2024-10-28	[Apple Safari Downloads] An attacker may be able to misuse a trust relationship to download malicious content
CVE-2024-44261 2024-10-28 [Apple VoiceOver] An attacker may be able to view restricted content from the lock screen	N/A	—	2024-10-28	[Apple VoiceOver] An attacker may be able to view restricted content from the lock screen
CVE-2024-44269 2024-10-28 [Apple Shortcuts] A malicious app may use shortcuts to access restricted files	N/A	—	2024-10-28	[Apple Shortcuts] A malicious app may use shortcuts to access restricted files
CVE-2024-44274 2024-10-28 [Apple Accessibility] An attacker with physical access to a locked device may be able to view sensitive user information	N/A	—	2024-10-28	[Apple Accessibility] An attacker with physical access to a locked device may be able to view sensitive user information
CVE-2024-44278 2024-10-28 [Apple Siri] A sandboxed app may be able to access sensitive user data in system logs	N/A	—	2024-10-28	[Apple Siri] A sandboxed app may be able to access sensitive user data in system logs
CVE-2024-44282 2024-10-28 [Apple Foundation] Parsing a file may lead to disclosure of user information	N/A	—	2024-10-28	[Apple Foundation] Parsing a file may lead to disclosure of user information
CVE-2024-44296 2024-10-28 [Apple WebKit] Processing maliciously crafted web content may prevent Content Security Policy from being enforced	N/A	—	2024-10-28	[Apple WebKit] Processing maliciously crafted web content may prevent Content Security Policy from being enforced
CVE-2024-44297 2024-10-28 [Apple ImageIO] Processing a maliciously crafted message may lead to a denial-of-service	N/A	—	2024-10-28	[Apple ImageIO] Processing a maliciously crafted message may lead to a denial-of-service
CVE-2024-44302 2024-10-28 [Apple CoreText] Processing a maliciously crafted font may result in the disclosure of process memory	N/A	—	2024-10-28	[Apple CoreText] Processing a maliciously crafted font may result in the disclosure of process memory
CVE-2024-54470 2024-10-28 [Apple Siri] An attacker with physical access may be able to access contacts from the lock screen	N/A	—	2024-10-28	[Apple Siri] An attacker with physical access may be able to access contacts from the lock screen
CVE-2024-54538 2024-10-28 [Apple Security] A remote attacker may be able to cause a denial-of-service	N/A	—	2024-10-28	[Apple Security] A remote attacker may be able to cause a denial-of-service