Vulnerabilities in Apple
3,758 resultsVexday analysis
O ecossistema Apple acumula 3.758 CVEs catalogadas, das quais 87 estão confirmadas em exploração ativa no catálogo KEV da CISA — uma taxa que supera em 5,2 vezes a média geral do catálogo, sinalizando exposição operacional significativamente elevada. Com 154 vulnerabilidades de severidade crítica e 72 com prova de conceito pública disponível, a superfície de ataque explorável é considerável, exigindo priorização rigorosa de patches. O tipo de falha mais recorrente é CWE-200 (exposição de informações sensíveis), padrão que tende a facilitar movimentação lateral e exfiltração de dados em cadeias de ataque mais complexas. A CVE mais perigosa atualmente ativa, CVE-2021-30860, apresenta EPSS de 0,76, indicando alta probabilidade de exploração, e deve ser tratada como prioridade imediata por equipes ainda não corrigidas.
CVE-2021-30942—Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. This issue is fixed iEPSS 1.5%CVE-2022-22584—A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, mEPSS 1.5%CVE-2019-8620—A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A devicEPSS 1.5%CVE-2022-46691HIGHA memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iEPSS 1.5%CVE-2024-23213HIGHThe issue was addressed with improved memory handling. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOSEPSS 1.5%CVE-2025-24104MEDIUMThis issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a malEPSS 1.5%CVE-2024-23263HIGHA logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS EPSS 1.5%CVE-2022-22592—A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari EPSS 1.5%CVE-2020-3838—The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 1EPSS 1.5%CVE-2019-8656—This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.EPSS 1.5%CVE-2020-9922—A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, EPSS 1.5%CVE-2024-23284MEDIUMA logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iEPSS 1.5%CVE-2019-6206—An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed iEPSS 1.5%CVE-2024-23225HIGHA memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 1EPSS 1.5%KEVCVE-2020-9952—An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS EPSS 1.5%CVE-2019-8756—Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloudEPSS 1.5%CVE-2019-8749—Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloudEPSS 1.5%CVE-2022-22632—A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5EPSS 1.5%CVE-2021-30966—A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.EPSS 1.5%CVE-2021-1860—A memory initialization issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-002 Catalina, SecuritEPSS 1.5%