
This list highlights the latest Apple entries in the CISA Known Exploited Vulnerabilities catalogue from 2022-2023.
Product | Vulnerability Name | Date Added | Short Description | Required Action | Due Date | Detail Link |
Multiple Products | Apple Multiple Products WebKit Type Confusion Vulnerability | 02/14/23 | WebKit in Apple iOS, macOS, Safari and iPadOS contains a type confusion vulnerability that may lead to code execution. | Apply updates per vendor instructions. | 01/04/23 | CVE-2023-23529 |
iOS | Apple iOS Type Confusion Vulnerability | 12/14/22 | Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution. | Apply updates per vendor instructions. | 01/04/23 | CVE-2022-42856 |
iOS and iPadOS | Apple iOS and iPadOS Out-of-Bounds Write Vulnerability | 10/25/22 | Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges. | Apply updates per vendor instructions. | 11/15/22 | CVE-2022-42827 |
iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability | 9/14/22 | Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges. | Apply updates per vendor instructions. | 10/5/22 | CVE-2022-32917 |
iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS Input Validation Vulnerability | 9/8/22 | Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information. | Apply updates per vendor instructions. | 9/29/22 | CVE-2021-31010 |
iOS, macOS, watchOS | Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability | 8/25/22 | In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions. | Apply updates per vendor instructions. | 9/15/22 | CVE-2021-31010 |
iOS and macOS | Apple iOS and macOS Out-of-Bounds Write Vulnerability | 8/18/22 | Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges. | Apply updates per vendor instructions. | 9/8/22 | CVE-2022-32894 |
iOS and macOS | Apple iOS and macOS Out-of-Bounds Write Vulnerability | 8/18/22 | Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing maliciously crafted web content. | Apply updates per vendor instructions. | 9/8/22 | CVE-2022-32893 |
iOS and iPadOS | Apple iOS and iPadOS Buffer Overflow Vulnerability | 6/27/22 | Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges. | Apply updates per vendor instructions. | 7/18/22 | CVE-2021-30983 |
Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | 6/27/22 | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. | Apply updates per vendor instructions. | 7/18/22 | CVE-2020-3837 |
Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | 6/27/22 | Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. | Apply updates per vendor instructions. | 7/18/22 | CVE-2020-9907 |
Multiple Products | Apple Multiple Products Use-After-Free Vulnerability | 6/27/22 | A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges. | Apply updates per vendor instructions. | 7/18/22 | CVE-2019-8605 |
Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | 6/27/22 | Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution. | Apply updates per vendor instructions. | 7/18/22 | CVE-2018-4344 |
iOS | Apple iOS Information Disclosure Vulnerability | 5/24/22 | The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. | Apply updates per vendor instructions. | 6/14/22 | CVE-2016-4655 |
iOS | Apple iOS Memory Corruption Vulnerability | 5/24/22 | A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service via a crafted application. | Apply updates per vendor instructions. | 6/14/22 | CVE-2016-4656 |
iOS | Apple iOS Webkit Memory Corruption Vulnerability | 5/24/22 | WebKit in Apple iOS contains a memory corruption vulnerability which allows attackers to execute remote code or cause a denial-of-service via a crafted web site. | Apply updates per vendor instructions. | 6/14/22 | CVE-2016-4657 |
Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | 5/23/22 | Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution. | Apply updates per vendor instructions. | 6/13/22 | CVE-2021-30883 |
Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | 5/23/22 | Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation. | Apply updates per vendor instructions. | 6/13/22 | CVE-2019-7286 |
iOS | Apple iOS Memory Corruption Vulnerability | 5/23/22 | Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution. | Apply updates per vendor instructions. | 6/13/22 | CVE-2019-7287 |
Multiple Products | Apple Multiple Products Type Confusion Vulnerability | 5/4/22 | A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. | Apply updates per vendor instructions. | 5/25/22 | CVE-2021-1789 |
Multiple Products | Apple Multiple Products Type Confusion Vulnerability | 5/4/22 | A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. | Apply updates per vendor instructions. | 5/25/22 | CVE-2019-8506 |
macOS | Apple macOS Out-of-Bounds Write Vulnerability | 4/4/22 | macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. | Apply updates per vendor instructions. | 4/25/22 | CVE-2022-22675 |
macOS | Apple macOS Out-of-Bounds Read Vulnerability | 4/4/22 | macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. | Apply updates per vendor instructions. | 4/25/22 | CVE-2022-22674 |
Webkit | Apple Webkit Remote Code Execution Vulnerability | 2/11/22 | Apple Webkit, which impacts iOS, iPadOS, and macOS, contains a vulnerability which allows for remote code execution. | Apply updates per vendor instructions. | 2/25/22 | CVE-2022-22620 |
OS X | Apple OS X Authentication Bypass Vulnerability | 2/10/22 | The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. | Apply updates per vendor instructions. | 8/10/22 | CVE-2015-1130 |
OS X | Apple OS X Heap-Based Buffer Overflow Vulnerability | 2/10/22 | Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context. | Apply updates per vendor instructions. | 8/10/22 | CVE-2014-4404 |
iOS and macOS | Apple Memory Corruption Vulnerability | 1/28/22 | Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges. | Apply updates per vendor instructions. | 2/11/22 | CVE-2022-22587 |
iOS and iPadOS | Apple 11-13.5 XNU Kernel Vulnerability | 11/3/21 | A memory consumption issue was addressed with improved memory handling. An application may be able to execute arbitrary code with kernel privileges. | Apply updates per vendor instructions. | 5/3/22 | CVE-2020-9859 |