Mobile device vulnerabilities

Showing 451 - 500 of 2.2K CVEs

  1. CVE-2025-43413 Published Nov 4, 2025

    An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A sandboxed app may be able to observe system-wide network connections.

  2. CVE-2025-43407 Published Nov 4, 2025

    This issue was addressed with improved entitlements. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. An app may be able to break out of its sandbox.

  3. CVE-2025-43398 Published Nov 4, 2025

    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination.

  4. CVE-2025-43392 Published Nov 4, 2025

    The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A website may exfiltrate image data cross-origin.

  5. CVE-2025-43391 Published Nov 4, 2025

    A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data.

  6. CVE-2025-43389 Published Nov 4, 2025

    A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, visionOS 26.1. An app may be able to access sensitive user data.

  7. CVE-2025-43386 Published Nov 4, 2025

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

  8. CVE-2025-43385 Published Nov 4, 2025

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

  9. CVE-2025-43384 Published Nov 4, 2025

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

  10. CVE-2025-43383 Published Nov 4, 2025

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

  11. CVE-2025-43379 Published Nov 4, 2025

    This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to access protected user data.

  12. CVE-2025-43376 Published Nov 4, 2025

    A logic issue was addressed with improved state management. This issue is fixed in Safari 26, iOS 18.7.7 and iPadOS 18.7.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.

  13. CVE-2025-43365 Published Nov 4, 2025

    A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26 and iPadOS 26. An unprivileged process may be able to terminate a root processes.

  14. CVE-2025-43361 Published Nov 4, 2025

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A malicious app may be able to read kernel memory.

  15. CVE-2025-43360 Published Nov 4, 2025

    The issue was addressed with improved UI. This issue is fixed in iOS 26 and iPadOS 26. Password fields may be unintentionally revealed.

  16. CVE-2025-43350 Published Nov 4, 2025

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker may be able to view restricted content from the lock screen.

  17. CVE-2025-43345 Published Nov 4, 2025

    A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.

  18. CVE-2025-43338 Published Nov 4, 2025

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Sonoma 14.8.4, macOS Tahoe 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

  19. CVE-2025-43323 Published Nov 4, 2025

    This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to fingerprint the user.

  20. CVE-2025-43309 Published Nov 4, 2025

    A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.

  21. CVE-2025-43282 Published Oct 15, 2025

    A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to cause unexpected system termination.

  22. CVE-2025-43280 Published Oct 15, 2025

    The issue was resolved by not loading remote images. This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode.

  23. CVE-2025-20723 Published Oct 14, 2025

    In gnss driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920033; Issue ID: MSV-3797.

  24. CVE-2025-20722 Published Oct 14, 2025

    In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920036; Issue ID: MSV-3798.

  25. CVE-2025-20721 Published Oct 14, 2025

    In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10089545; Issue ID: MSV-4279.

  26. CVE-2025-21055 Published Oct 10, 2025

    Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory.

  27. CVE-2025-21054 Published Oct 10, 2025

    Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory.

  28. CVE-2025-21051 Published Oct 10, 2025

    Out-of-bounds write in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to write out-of-bounds memory.

  29. CVE-2025-21048 Published Oct 10, 2025

    Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code.

  30. CVE-2025-21050 Published Oct 10, 2025

    Improper input validiation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to access data across multiple user profiles.

  31. CVE-2025-21053 Published Oct 10, 2025

    Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.

  32. CVE-2025-21052 Published Oct 10, 2025

    Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.

  33. CVE-2025-21049 Published Oct 10, 2025

    Improper access control in SecSettings prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.

  34. CVE-2025-21047 Published Oct 10, 2025

    Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs.

  35. CVE-2025-21046 Published Oct 10, 2025

    Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows physical attackers to temporarily access to recent app list.

  36. CVE-2025-21044 Published Oct 10, 2025

    Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

  37. CVE-2025-43400 Published Sep 29, 2025

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.1 and iPadOS 18.7.1, iOS 26.0.1 and iPadOS 26.0.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, tvOS 26.1, visionOS 26.0.1, watchOS 26.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.

  38. CVE-2025-43372 Published Sep 15, 2025

    The issue was addressed with improved input validation. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

  39. CVE-2025-43368 Published Sep 15, 2025

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.

  40. CVE-2025-43362 Published Sep 15, 2025

    The issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An app may be able to monitor keystrokes without user permission.

  41. CVE-2025-43359 Published Sep 15, 2025

    A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A UDP server socket bound to a local interface may become bound to all interfaces.

  42. CVE-2025-43358 Published Sep 15, 2025

    A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A shortcut may be able to bypass sandbox restrictions.

  43. CVE-2025-43357 Published Sep 15, 2025

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26. An app may be able to fingerprint the user.

  44. CVE-2025-43356 Published Sep 15, 2025

    The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A website may be able to access sensor information without user consent.

  45. CVE-2025-43355 Published Sep 15, 2025

    A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to cause a denial-of-service.

  46. CVE-2025-43354 Published Sep 15, 2025

    A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.

  47. CVE-2025-43349 Published Sep 15, 2025

    An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted video file may lead to unexpected app termination.

  48. CVE-2025-43347 Published Sep 15, 2025

    This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An input validation issue was addressed.

  49. CVE-2025-43346 Published Sep 15, 2025

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

  50. CVE-2025-43344 Published Sep 15, 2025

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to cause unexpected system termination.