2022 - 2023 Apple Vulnerabilities - CISA Known Exploited Vulnerabilities

This list highlights the latest CISA catalogue entries of Known Exploited Vulnerabilities from Apple and Apple products in 2022-2023.

 

Product Vulnerability Name Date Added Short Description Required Action Due Date Detail Link
Multiple Products Apple Multiple Products WebKit Type Confusion Vulnerability 02/14/23 WebKit in Apple iOS, MacOS, Safari and iPadOS contains a type confusion vulnerability that may lead to code execution. Apply updates per vendor instructions. 01/04/23 CVE-2023-23529
iOS Apple iOS Type Confusion Vulnerability 12/14/22 Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution. Apply updates per vendor instructions. 01/04/23 CVE-2022-42856
iOS and iPadOS Apple iOS and iPadOS Out-of-Bounds Write Vulnerability 10/25/22 Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges. Apply updates per vendor instructions. 11/15/22 CVE-2022-42827
iOS, iPadOS, and macOS Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability 9/14/22 Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges. Apply updates per vendor instructions. 10/5/22 CVE-2022-32917
OS, iPadOS, and macOS Apple iOS, iPadOS, and macOS Input Validation Vulnerability 9/8/22 Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information. Apply updates per vendor instructions. 9/29/22 CVE-2021-31010
iOS, macOS, watchOS Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability 8/25/22 In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions. Apply updates per vendor instructions. 9/15/22 CVE-2021-31010
iOS and macOS Apple iOS and macOS Out-of-Bounds Write Vulnerability 8/18/22 Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges. Apply updates per vendor instructions. 9/8/22 CVE-2022-32894
iOS and macOS Apple iOS and macOS Out-of-Bounds Write Vulnerability 8/18/22 Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content. Apply updates per vendor instructions. 9/8/22 CVE-2022-32893
iOS and iPadOS Apple iOS and iPadOS Buffer Overflow Vulnerability 6/27/22 Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges. Apply updates per vendor instructions. 7/18/22 CVE-2021-30983
Multiple Products Apple Multiple Products Memory Corruption Vulnerability 6/27/22 Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. Apply updates per vendor instructions. 7/18/22 CVE-2020-3837
Multiple Products Apple Multiple Products Memory Corruption Vulnerability 6/27/22 Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. Apply updates per vendor instructions. 7/18/22 CVE-2020-9907
Multiple Products Apple Multiple Products Use-After-Free Vulnerability 6/27/22 A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges. Apply updates per vendor instructions. 7/18/22 CVE-2019-8605
Multiple Products Apple Multiple Products Memory Corruption Vulnerability 6/27/22 Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution. Apply updates per vendor instructions. 7/18/22 CVE-2018-4344
iOS Apple iOS Information Disclosure Vulnerability 5/24/22 The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. Apply updates per vendor instructions. 6/14/22 CVE-2016-4655
iOS Apple iOS Memory Corruption Vulnerability 5/24/22 A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service via a crafted application. Apply updates per vendor instructions. 6/14/22 CVE-2016-4656
iOS Apple iOS Webkit Memory Corruption Vulnerability 5/24/22 WebKit in Apple iOS contains a memory corruption vulnerability which allows attackers to execute remote code or cause a denial-of-service via a crafted web site. Apply updates per vendor instructions. 6/14/22 CVE-2016-4657
Multiple Products Apple Multiple Products Memory Corruption Vulnerability 5/23/22 Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution. Apply updates per vendor instructions. 6/13/22 CVE-2021-30883
Multiple Products Apple Multiple Products Memory Corruption Vulnerability 5/23/22 Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation. Apply updates per vendor instructions. 6/13/22 CVE-2019-7286
iOS Apple iOS Memory Corruption Vulnerability 5/23/22 Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution. Apply updates per vendor instructions. 6/13/22 CVE-2019-7287
Multiple Products Apple Multiple Products Type Confusion Vulnerability 5/4/22 A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. Apply updates per vendor instructions. 5/25/22 CVE-2021-1789
Multiple Products Apple Multiple Products Type Confusion Vulnerability 5/4/22 A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. Apply updates per vendor instructions. 5/25/22 CVE-2019-8506
macOS Apple macOS Out-of-Bounds Write Vulnerability 4/4/22 macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. Apply updates per vendor instructions. 4/25/22 CVE-2022-22675
macOS Apple macOS Out-of-Bounds Read Vulnerability 4/4/22 macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. Apply updates per vendor instructions. 4/25/22 CVE-2022-22674
Webkit Apple Webkit Remote Code Execution Vulnerability 2/11/22 Apple Webkit, which impacts iOS, iPadOS, and macOS, contains a vulnerability which allows for remote code execution. Apply updates per vendor instructions. 2/25/22 CVE-2022-22620
OS X Apple OS X Authentication Bypass Vulnerability 2/10/22 The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. Apply updates per vendor instructions. 8/10/22 CVE-2015-1130
OS X Apple OS X Heap-Based Buffer Overflow Vulnerability 2/10/22 Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context. Apply updates per vendor instructions. 8/10/22 CVE-2014-4404
iOS and macOS Apple Memory Corruption Vulnerability 1/28/22 Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges. Apply updates per vendor instructions. 2/11/22 CVE-2022-22587
iOS and iPadOS Apple 11-13.5 XNU Kernel Vulnerability 11/3/21 A memory consumption issue was addressed with improved memory handling. An application may be able to execute arbitrary code with kernel privileges. Apply updates per vendor instructions. 5/3/22 CVE-2020-9859