Mobile device vulnerabilities

Showing 801 - 850 of 2.2K CVEs

  1. CVE-2025-31245 Published May 12, 2025

    The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5. An app may be able to cause unexpected system termination.

  2. CVE-2025-31233 Published May 12, 2025

    The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.

  3. CVE-2025-31225 Published May 12, 2025

    A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps may still appear in spotlight search results.

  4. CVE-2025-31223 Published May 12, 2025

    The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.

  5. CVE-2025-31234 Published May 12, 2025

    The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

  6. CVE-2025-31226 Published May 12, 2025

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted image may lead to a denial-of-service.

  7. CVE-2025-31227 Published May 12, 2025

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access a deleted call recording.

  8. CVE-2025-31228 Published May 12, 2025

    The issue was addressed with improved authentication. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. An attacker with physical access to a device may be able to access notes from the lock screen.

  9. CVE-2025-31215 Published May 12, 2025

    The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected process crash.

  10. CVE-2025-31209 Published May 12, 2025

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to disclosure of user information.

  11. CVE-2025-31219 Published May 12, 2025

    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

  12. CVE-2025-31222 Published May 12, 2025

    A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A user may be able to elevate privileges.

  13. CVE-2025-31214 Published May 12, 2025

    This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic.

  14. CVE-2025-31217 Published May 12, 2025

    The issue was addressed with improved input validation. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

  15. CVE-2025-31221 Published May 12, 2025

    An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may be able to leak memory.

  16. CVE-2025-31212 Published May 12, 2025

    This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. An app may be able to access sensitive user data.

  17. CVE-2025-31210 Published May 12, 2025

    The issue was addressed with improved UI. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. Processing web content may lead to a denial-of-service.

  18. CVE-2025-31205 Published May 12, 2025

    The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A malicious website may exfiltrate data cross-origin.

  19. CVE-2025-30448 Published May 12, 2025

    This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, visionOS 2.5. An attacker may be able to turn on sharing of an iCloud folder without authentication.

  20. CVE-2025-31206 Published May 12, 2025

    A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

  21. CVE-2025-31204 Published May 12, 2025

    The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.

  22. CVE-2025-31208 Published May 12, 2025

    The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to an unexpected app termination.

  23. CVE-2025-31207 Published May 12, 2025

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps.

  24. CVE-2025-24223 Published May 12, 2025

    The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.

  25. CVE-2025-24225 Published May 12, 2025

    An injection issue was addressed with improved input validation. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. Processing an email may lead to user interface spoofing.

  26. CVE-2025-30436 Published May 12, 2025

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls.

  27. CVE-2025-24220 Published May 12, 2025

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.9. An app may be able to read a persistent device identifier.

  28. CVE-2025-24144 Published May 12, 2025

    An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to leak sensitive kernel state.

  29. CVE-2025-24111 Published May 12, 2025

    A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to cause unexpected system termination.

  30. CVE-2025-20980 Published May 7, 2025

    Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption.

  31. CVE-2025-20979 Published May 7, 2025

    Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code.

  32. CVE-2025-20968 Published May 7, 2025

    Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery.

  33. CVE-2025-20964 Published May 7, 2025

    Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.

  34. CVE-2025-20963 Published May 7, 2025

    Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.

  35. CVE-2025-20962 Published May 7, 2025

    Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position.

  36. CVE-2025-20961 Published May 7, 2025

    Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege.

  37. CVE-2025-20960 Published May 7, 2025

    Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api.

  38. CVE-2025-20953 Published May 7, 2025

    Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN.

  39. CVE-2025-20959 Published May 7, 2025

    Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information.

  40. CVE-2025-20958 Published May 7, 2025

    Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors.

  41. CVE-2025-20957 Published May 7, 2025

    Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege.

  42. CVE-2025-20955 Published May 7, 2025

    Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images.

  43. CVE-2025-20954 Published May 7, 2025

    Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.

  44. CVE-2025-20937 Published May 7, 2025

    Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

  45. CVE-2025-20671 Published May 5, 2025

    In thermal, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09698599; Issue ID: MSV-3228.

  46. CVE-2025-20668 Published May 5, 2025

    In scp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09625562; Issue ID: MSV-3027.

  47. CVE-2025-20665 Published May 5, 2025

    In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760.

  48. CVE-2025-24091 Published Apr 30, 2025

    An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.

  49. CVE-2025-31203 Published Apr 29, 2025

    An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may be able to cause a denial-of-service.

  50. CVE-2025-31202 Published Apr 29, 2025

    A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.