iPadOS
iPadOS 18.4
Advisory officiel77 CVE corrigées par cette release.
- Date de sortie
- 2025-03-31
- Fin de support
- —
- CVE corrigées
- 77
- KEV CISA
- 0
- Critique
- 0
- Élevé
- 2
- En attente NVD
- 73
CVE corrigées
| CVE | Sévérité | KEV | Publié | Description |
|---|---|---|---|---|
|
CVE-2024-48958
[Apple libarchive] An input validation issue was addressed |
HIGH 7.8 | — | [Apple libarchive] An input validation issue was addressed | |
|
CVE-2024-56171
[Apple libxml2] Parsing a file may lead to an unexpected app termination |
HIGH 7.8 | — | [Apple libxml2] Parsing a file may lead to an unexpected app termination | |
|
CVE-2024-9681
[Apple curl] An input validation issue was addressed |
MEDIUM 6.5 | — | [Apple curl] An input validation issue was addressed | |
|
CVE-2025-27113
[Apple libxml2] Parsing a file may lead to an unexpected app termination |
LOW 2.9 | — | [Apple libxml2] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-31199
[Apple Logging] An app may be able to access sensitive user data |
N/A | — | [Apple Logging] An app may be able to access sensitive user data | |
|
CVE-2025-24220
[Apple Sandbox Profiles] An app may be able to read a persistent device identifier |
N/A | — | [Apple Sandbox Profiles] An app may be able to read a persistent device identifier | |
|
CVE-2025-24097
[Apple AirDrop] An app may be able to read arbitrary file metadata |
N/A | — | [Apple AirDrop] An app may be able to read arbitrary file metadata | |
|
CVE-2025-31196
[Apple CoreGraphics] Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memo… |
N/A | — | [Apple CoreGraphics] Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents | |
|
CVE-2025-24095
[Apple RepairKit] An app may be able to bypass Privacy preferences |
N/A | — | [Apple RepairKit] An app may be able to bypass Privacy preferences | |
|
CVE-2025-24113
[Apple Safari] Visiting a malicious website may lead to user interface spoofing |
N/A | — | [Apple Safari] Visiting a malicious website may lead to user interface spoofing | |
|
CVE-2025-24163
[Apple CoreAudio] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple CoreAudio] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-24167
[Apple Safari] A download's origin may be incorrectly associated |
N/A | — | [Apple Safari] A download's origin may be incorrectly associated | |
|
CVE-2025-24173
[Apple Power Services] An app may be able to break out of its sandbox |
N/A | — | [Apple Power Services] An app may be able to break out of its sandbox | |
|
CVE-2025-24178
[Apple libxpc] An app may be able to break out of its sandbox |
N/A | — | [Apple libxpc] An app may be able to break out of its sandbox | |
|
CVE-2025-24180
[Apple Authentication Services] A malicious website may be able to claim WebAuthn credentials from another website that… |
N/A | — | [Apple Authentication Services] A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix | |
|
CVE-2025-24182
[Apple CoreText] Processing a maliciously crafted font may result in the disclosure of process memory |
N/A | — | [Apple CoreText] Processing a maliciously crafted font may result in the disclosure of process memory | |
|
CVE-2025-24190
[Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-24192
[Apple Web Extensions] Visiting a website may leak sensitive data |
N/A | — | [Apple Web Extensions] Visiting a website may leak sensitive data | |
|
CVE-2025-24193
[Apple MobileLockdown] An attacker with a USB-C connection to an unlocked device may be able to programmatically access… |
N/A | — | [Apple MobileLockdown] An attacker with a USB-C connection to an unlocked device may be able to programmatically access photos | |
|
CVE-2025-24194
[Apple libnetcore] Processing maliciously crafted web content may result in the disclosure of process memory |
N/A | — | [Apple libnetcore] Processing maliciously crafted web content may result in the disclosure of process memory | |
|
CVE-2025-24198
[Apple Siri] An attacker with physical access may be able to use Siri to access sensitive user data |
N/A | — | [Apple Siri] An attacker with physical access may be able to use Siri to access sensitive user data | |
|
CVE-2025-24202
[Apple Accessibility] An app may be able to access sensitive user data |
N/A | — | [Apple Accessibility] An app may be able to access sensitive user data | |
|
CVE-2025-24203
[Apple Kernel] An app may be able to modify protected parts of the file system |
N/A | — | [Apple Kernel] An app may be able to modify protected parts of the file system | |
|
CVE-2025-24205
[Apple Siri] An app may be able to access user-sensitive data |
N/A | — | [Apple Siri] An app may be able to access user-sensitive data | |
|
CVE-2025-24206
[Apple AirPlay] An attacker on the local network may be able to bypass authentication policy |
N/A | — | [Apple AirPlay] An attacker on the local network may be able to bypass authentication policy | |
|
CVE-2025-24208
[Apple WebKit] Loading a malicious iframe may lead to a cross-site scripting attack |
N/A | — | [Apple WebKit] Loading a malicious iframe may lead to a cross-site scripting attack | |
|
CVE-2025-24209
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-24210
[Apple ImageIO] Parsing an image may lead to disclosure of user information |
N/A | — | [Apple ImageIO] Parsing an image may lead to disclosure of user information | |
|
CVE-2025-24211
[Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-24212
[Apple Calendar] An app may be able to break out of its sandbox |
N/A | — | [Apple Calendar] An app may be able to break out of its sandbox | |
|
CVE-2025-24214
[Apple Siri] An app may be able to access sensitive user data |
N/A | — | [Apple Siri] An app may be able to access sensitive user data | |
|
CVE-2025-24216
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-24217
[Apple Siri] An app may be able to access sensitive user data |
N/A | — | [Apple Siri] An app may be able to access sensitive user data | |
|
CVE-2025-24221
[Apple Accounts] Sensitive keychain data may be accessible from an iOS backup |
N/A | — | [Apple Accounts] Sensitive keychain data may be accessible from an iOS backup | |
|
CVE-2025-24230
[Apple CoreAudio] Playing a malicious audio file may lead to an unexpected app termination |
N/A | — | [Apple CoreAudio] Playing a malicious audio file may lead to an unexpected app termination | |
|
CVE-2025-24237
[Apple BiometricKit] An app may be able to cause unexpected system termination |
N/A | — | [Apple BiometricKit] An app may be able to cause unexpected system termination | |
|
CVE-2025-24238
[Apple libxpc] An app may be able to gain elevated privileges |
N/A | — | [Apple libxpc] An app may be able to gain elevated privileges | |
|
CVE-2025-24243
[Apple Audio] Processing a maliciously crafted file may lead to arbitrary code execution |
N/A | — | [Apple Audio] Processing a maliciously crafted file may lead to arbitrary code execution | |
|
CVE-2025-24244
[Apple Audio] Processing a maliciously crafted font may result in the disclosure of process memory |
N/A | — | [Apple Audio] Processing a maliciously crafted font may result in the disclosure of process memory | |
|
CVE-2025-24251
[Apple AirPlay] An attacker on the local network may cause an unexpected app termination |
N/A | — | [Apple AirPlay] An attacker on the local network may cause an unexpected app termination | |
|
CVE-2025-24252
[Apple AirPlay] An attacker on the local network may be able to corrupt process memory |
N/A | — | [Apple AirPlay] An attacker on the local network may be able to corrupt process memory | |
|
CVE-2025-24257
[Apple IOGPUFamily] An app may be able to cause unexpected system termination or write kernel memory |
N/A | — | [Apple IOGPUFamily] An app may be able to cause unexpected system termination or write kernel memory | |
|
CVE-2025-24264
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-24270
[Apple AirPlay] An attacker on the local network may be able to leak sensitive user information |
N/A | — | [Apple AirPlay] An attacker on the local network may be able to leak sensitive user information | |
|
CVE-2025-24271
[Apple AirPlay] An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without p… |
N/A | — | [Apple AirPlay] An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without pairing | |
|
CVE-2025-24283
[Apple Focus] An app may be able to access sensitive user data |
N/A | — | [Apple Focus] An app may be able to access sensitive user data | |
|
CVE-2025-30425
[Apple WebKit] A malicious website may be able to track users in Safari private browsing mode |
N/A | — | [Apple WebKit] A malicious website may be able to track users in Safari private browsing mode | |
|
CVE-2025-30426
[Apple NetworkExtension] An app may be able to enumerate a user's installed apps |
N/A | — | [Apple NetworkExtension] An app may be able to enumerate a user's installed apps | |
|
CVE-2025-30427
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-30428
[Apple Photos] Photos in the Hidden Photos Album may be viewed without authentication |
N/A | — | [Apple Photos] Photos in the Hidden Photos Album may be viewed without authentication | |
|
CVE-2025-30429
[Apple Calendar] An app may be able to break out of its sandbox |
N/A | — | [Apple Calendar] An app may be able to break out of its sandbox | |
|
CVE-2025-30430
[Apple Authentication Services] Password autofill may fill in passwords after failing authentication |
N/A | — | [Apple Authentication Services] Password autofill may fill in passwords after failing authentication | |
|
CVE-2025-30432
[Apple Kernel] A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating … |
N/A | — | [Apple Kernel] A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures | |
|
CVE-2025-30433
[Apple Shortcuts] A shortcut may be able to access files that are normally inaccessible to the Shortcuts app |
N/A | — | [Apple Shortcuts] A shortcut may be able to access files that are normally inaccessible to the Shortcuts app | |
|
CVE-2025-30434
[Apple Journal] Processing a maliciously crafted file may lead to a cross site scripting attack |
N/A | — | [Apple Journal] Processing a maliciously crafted file may lead to a cross site scripting attack | |
|
CVE-2025-30436
[Apple Siri] An attacker may be able to use Siri to enable Auto-Answer Calls |
N/A | — | [Apple Siri] An attacker may be able to use Siri to enable Auto-Answer Calls | |
|
CVE-2025-30438
[Apple Share Sheet] A malicious app may be able to dismiss the system notification on the Lock Screen that a recording … |
N/A | — | [Apple Share Sheet] A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started | |
|
CVE-2025-30439
[Apple Focus] An attacker with physical access to a locked device may be able to view sensitive user information |
N/A | — | [Apple Focus] An attacker with physical access to a locked device may be able to view sensitive user information | |
|
CVE-2025-30445
[Apple AirPlay] An attacker on the local network may cause an unexpected app termination |
N/A | — | [Apple AirPlay] An attacker on the local network may cause an unexpected app termination | |
|
CVE-2025-30447
[Apple Foundation] An app may be able to access sensitive user data |
N/A | — | [Apple Foundation] An app may be able to access sensitive user data | |
|
CVE-2025-30454
[Apple CoreMedia Playback] A malicious app may be able to access private information |
N/A | — | [Apple CoreMedia Playback] A malicious app may be able to access private information | |
|
CVE-2025-30456
[Apple DiskArbitration] An app may be able to gain root privileges |
N/A | — | [Apple DiskArbitration] An app may be able to gain root privileges | |
|
CVE-2025-30463
[Apple Handoff] An app may be able to access sensitive user data |
N/A | — | [Apple Handoff] An app may be able to access sensitive user data | |
|
CVE-2025-30466
[Apple Safari] A website may be able to bypass Same Origin Policy |
N/A | — | [Apple Safari] A website may be able to bypass Same Origin Policy | |
|
CVE-2025-30467
[Apple Safari] Visiting a malicious website may lead to address bar spoofing |
N/A | — | [Apple Safari] Visiting a malicious website may lead to address bar spoofing | |
|
CVE-2025-30469
[Apple Photos] A person with physical access to an iOS device may be able to access photos from the lock screen |
N/A | — | [Apple Photos] A person with physical access to an iOS device may be able to access photos from the lock screen | |
|
CVE-2025-30470
[Apple Maps] An app may be able to read sensitive location information |
N/A | — | [Apple Maps] An app may be able to read sensitive location information | |
|
CVE-2025-30471
[Apple Security] A remote user may be able to cause a denial-of-service |
N/A | — | [Apple Security] A remote user may be able to cause a denial-of-service | |
|
CVE-2025-31182
[Apple libxpc] An app may be able to delete files for which it does not have permission |
N/A | — | [Apple libxpc] An app may be able to delete files for which it does not have permission | |
|
CVE-2025-31183
[Apple Siri] An app may be able to access sensitive user data |
N/A | — | [Apple Siri] An app may be able to access sensitive user data | |
|
CVE-2025-31184
[Apple Web Extensions] An app may gain unauthorized access to Local Network |
N/A | — | [Apple Web Extensions] An app may gain unauthorized access to Local Network | |
|
CVE-2025-31191
[Apple CoreServices] An app may be able to access sensitive user data |
N/A | — | [Apple CoreServices] An app may be able to access sensitive user data | |
|
CVE-2025-31192
[Apple Safari] A website may be able to access sensor information without user consent |
N/A | — | [Apple Safari] A website may be able to access sensor information without user consent | |
|
CVE-2025-31197
[Apple AirPlay] An attacker on the local network may cause an unexpected app termination |
N/A | — | [Apple AirPlay] An attacker on the local network may cause an unexpected app termination | |
|
CVE-2025-31202
[Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service |
N/A | — | [Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service | |
|
CVE-2025-31203
[Apple CoreUtils] An attacker on the local network may be able to cause a denial-of-service |
N/A | — | [Apple CoreUtils] An attacker on the local network may be able to cause a denial-of-service | |
|
CVE-2025-43205
[Apple Audio] An app may be able to bypass ASLR |
N/A | — | [Apple Audio] An app may be able to bypass ASLR |