iPadOS
iPadOS 18
Official advisory48 CVEs fixed by this release.
- Release date
- 2024-09-16
- End of support
- —
- CVEs fixed
- 48
- CISA KEV
- 0
- Critical
- 0
- High
- 0
- NVD pending
- 48
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2024-44122
[Apple LaunchServices] An application may be able to break out of its sandbox |
N/A | — | [Apple LaunchServices] An application may be able to break out of its sandbox | |
|
CVE-2024-44126
[Apple ARKit] Processing a maliciously crafted file may lead to heap corruption |
N/A | — | [Apple ARKit] Processing a maliciously crafted file may lead to heap corruption | |
|
CVE-2024-44144
[Apple SceneKit] Processing a maliciously crafted file may lead to unexpected app termination |
N/A | — | [Apple SceneKit] Processing a maliciously crafted file may lead to unexpected app termination | |
|
CVE-2024-44155
[Apple Safari] Maliciously crafted web content may violate iframe sandboxing policy |
N/A | — | [Apple Safari] Maliciously crafted web content may violate iframe sandboxing policy | |
|
CVE-2023-5841
[Apple Model I/O] Processing a maliciously crafted image may lead to a denial-of-service |
N/A | — | [Apple Model I/O] Processing a maliciously crafted image may lead to a denial-of-service | |
|
CVE-2024-27869
[Apple Control Center] An app may be able to record the screen without an indicator |
N/A | — | [Apple Control Center] An app may be able to record the screen without an indicator | |
|
CVE-2024-27874
[Apple Cellular] A remote attacker may be able to cause a denial-of-service |
N/A | — | [Apple Cellular] A remote attacker may be able to cause a denial-of-service | |
|
CVE-2024-27876
[Apple Compression] Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files |
N/A | — | [Apple Compression] Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files | |
|
CVE-2024-27879
[Apple UIKit] An attacker may be able to cause unexpected app termination |
N/A | — | [Apple UIKit] An attacker may be able to cause unexpected app termination | |
|
CVE-2024-27880
[Apple ImageIO] Processing a maliciously crafted file may lead to unexpected app termination |
N/A | — | [Apple ImageIO] Processing a maliciously crafted file may lead to unexpected app termination | |
|
CVE-2024-40791
[Apple Mail Accounts] An app may be able to access information about a user's contacts |
N/A | — | [Apple Mail Accounts] An app may be able to access information about a user's contacts | |
|
CVE-2024-40826
[Apple Printing] An unencrypted document may be written to a temporary file when using print preview |
N/A | — | [Apple Printing] An unencrypted document may be written to a temporary file when using print preview | |
|
CVE-2024-40830
[Apple Accessibility] An app may be able to enumerate a user's installed apps |
N/A | — | [Apple Accessibility] An app may be able to enumerate a user's installed apps | |
|
CVE-2024-40840
[Apple Accessibility] An attacker with physical access may be able to use Siri to access sensitive user data |
N/A | — | [Apple Accessibility] An attacker with physical access may be able to use Siri to access sensitive user data | |
|
CVE-2024-40850
[Apple Game Center] An app may be able to access user-sensitive data |
N/A | — | [Apple Game Center] An app may be able to access user-sensitive data | |
|
CVE-2024-40852
[Apple Accessibility] An attacker may be able to see recent photos without authentication in Assistive Access |
N/A | — | [Apple Accessibility] An attacker may be able to see recent photos without authentication in Assistive Access | |
|
CVE-2024-40853
[Apple Siri] An attacker may be able to use Siri to enable Auto-Answer Calls |
N/A | — | [Apple Siri] An attacker may be able to use Siri to enable Auto-Answer Calls | |
|
CVE-2024-40856
[Apple Wi-Fi] An attacker may be able to force a device to disconnect from a secure network |
N/A | — | [Apple Wi-Fi] An attacker may be able to force a device to disconnect from a secure network | |
|
CVE-2024-40857
[Apple WebKit] Processing maliciously crafted web content may lead to universal cross site scripting |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to universal cross site scripting | |
|
CVE-2024-40863
[Apple Sandbox] An app may be able to leak sensitive user information |
N/A | — | [Apple Sandbox] An app may be able to leak sensitive user information | |
|
CVE-2024-44123
[Apple Security] A malicious app with root privileges may be able to access keyboard input and location information wit… |
N/A | — | [Apple Security] A malicious app with root privileges may be able to access keyboard input and location information without user consent | |
|
CVE-2024-44124
[Apple Core Bluetooth] A malicious Bluetooth input device may bypass pairing |
N/A | — | [Apple Core Bluetooth] A malicious Bluetooth input device may bypass pairing | |
|
CVE-2024-44127
[Apple Safari Private Browsing] Private Browsing tabs may be accessed without authentication |
N/A | — | [Apple Safari Private Browsing] Private Browsing tabs may be accessed without authentication | |
|
CVE-2024-44131
[Apple FileProvider] An app may be able to access sensitive user data |
N/A | — | [Apple FileProvider] An app may be able to access sensitive user data | |
|
CVE-2024-44139
[Apple Siri] An attacker with physical access may be able to access contacts from the lock screen |
N/A | — | [Apple Siri] An attacker with physical access may be able to access contacts from the lock screen | |
|
CVE-2024-44145
[Apple Sidecar] An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock … |
N/A | — | [Apple Sidecar] An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen | |
|
CVE-2024-44147
[Apple NetworkExtension] An app may gain unauthorized access to Local Network |
N/A | — | [Apple NetworkExtension] An app may gain unauthorized access to Local Network | |
|
CVE-2024-44165
[Apple Kernel] Network traffic may leak outside a VPN tunnel |
N/A | — | [Apple Kernel] Network traffic may leak outside a VPN tunnel | |
|
CVE-2024-44167
[Apple Notes] An app may be able to overwrite arbitrary files |
N/A | — | [Apple Notes] An app may be able to overwrite arbitrary files | |
|
CVE-2024-44169
[Apple IOSurfaceAccelerator] An app may be able to cause unexpected system termination |
N/A | — | [Apple IOSurfaceAccelerator] An app may be able to cause unexpected system termination | |
|
CVE-2024-44170
[Apple Siri] An app may be able to access user-sensitive data |
N/A | — | [Apple Siri] An app may be able to access user-sensitive data | |
|
CVE-2024-44171
[Apple Accessibility] An attacker with physical access to a locked device may be able to Control Nearby Devices via acc… |
N/A | — | [Apple Accessibility] An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features | |
|
CVE-2024-44176
[Apple ImageIO] Processing an image may lead to a denial-of-service |
N/A | — | [Apple ImageIO] Processing an image may lead to a denial-of-service | |
|
CVE-2024-44179
[Apple Siri] An attacker with physical access to a device may be able to read contact numbers from the lock screen |
N/A | — | [Apple Siri] An attacker with physical access to a device may be able to read contact numbers from the lock screen | |
|
CVE-2024-44180
[Apple Siri] An attacker with physical access may be able to access contacts from the lock screen |
N/A | — | [Apple Siri] An attacker with physical access may be able to access contacts from the lock screen | |
|
CVE-2024-44183
[Apple mDNSResponder] An app may be able to cause a denial-of-service |
N/A | — | [Apple mDNSResponder] An app may be able to cause a denial-of-service | |
|
CVE-2024-44184
[Apple Transparency] An app may be able to access user-sensitive data |
N/A | — | [Apple Transparency] An app may be able to access user-sensitive data | |
|
CVE-2024-44187
[Apple WebKit] A malicious website may exfiltrate data cross-origin |
N/A | — | [Apple WebKit] A malicious website may exfiltrate data cross-origin | |
|
CVE-2024-44191
[Apple Kernel] An app may gain unauthorized access to Bluetooth |
N/A | — | [Apple Kernel] An app may gain unauthorized access to Bluetooth | |
|
CVE-2024-44192
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2024-44198
[Apple libxml2] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple libxml2] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2024-44202
[Apple Safari Private Browsing] Private Browsing tabs may be accessed without authentication |
N/A | — | [Apple Safari Private Browsing] Private Browsing tabs may be accessed without authentication | |
|
CVE-2024-44217
[Apple Passwords] Password autofill may fill in passwords after failing authentication |
N/A | — | [Apple Passwords] Password autofill may fill in passwords after failing authentication | |
|
CVE-2024-44227
[Apple Wi-Fi] An app may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple Wi-Fi] An app may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2024-54467
[Apple WebKit] A malicious website may exfiltrate data cross-origin |
N/A | — | [Apple WebKit] A malicious website may exfiltrate data cross-origin | |
|
CVE-2024-54469
[Apple FileProvider] A local user may be able to leak sensitive user information |
N/A | — | [Apple FileProvider] A local user may be able to leak sensitive user information | |
|
CVE-2024-54558
[Apple TCC] An app may be able to trick a user into granting access to photos from the user's photo library |
N/A | — | [Apple TCC] An app may be able to trick a user into granting access to photos from the user's photo library | |
|
CVE-2024-54560
[Apple LaunchServices] A malicious app may be able to modify other apps without having App Management permission |
N/A | — | [Apple LaunchServices] A malicious app may be able to modify other apps without having App Management permission |