Apple security advisories
46 threat alerts tracking vulnerabilities and security advisories that affect Apple products.
Vulnios continuously monitors Apple CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent Apple security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2016-4702 — apple — iphone_os, mac_os_x
Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified
Critical Vulnerability: CVE-2016-4694 — apple — mac_os_x, os_x_server
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data
Critical Vulnerability: CVE-2016-4734 — apple — safari, iphone_os
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a differe
Critical Vulnerability: CVE-2016-4629 — apple — mac_os_x
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image.
Critical Vulnerability: CVE-2016-4598 — apple — mac_os_x
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.
Critical Vulnerability: CVE-2015-7029 — apple — airport_base_station_firmware
Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via
Critical Vulnerability: CVE-2015-7987 — apple — iphone_os, mac_os_x
Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForM
Critical Vulnerability: CVE-2015-7988 — apple — iphone_os, mac_os_x
The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vector
Critical Vulnerability: CVE-2016-1761 — apple — iphone_os, mac_os_x
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML docume
Critical Vulnerability: CVE-2016-1741 — apple — mac_os_x
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via
Critical Vulnerability: CVE-2010-1378 — apple — mac_os_x, mac_os_x_server
OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a l
Critical Vulnerability: CVE-2008-3612 — apple — iphone_os
The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP conn
Critical Vulnerability: CVE-2017-17821 — apple — safari
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other imp
Critical Vulnerability: CVE-2017-13846 — apple — mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of
Critical Vulnerability: CVE-2017-13832 — apple — mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "802.1X" component. It allows attackers to have an unspecified impact by leveraging TLS 1.0
Critical Vulnerability: CVE-2017-13815 — apple — mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "file" product. Versions before 5.31 allow remote attackers to cause a denial of
Critical Vulnerability: CVE-2017-7124 — apple — mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of s
Critical Vulnerability: CVE-2017-7125 — apple — mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of s
Critical Vulnerability: CVE-2017-7129 — apple — iphone_os, mac_os_x
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-par
Critical Vulnerability: CVE-2017-7105 — apple — iphone_os, tvos
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote
Critical Vulnerability: CVE-2017-7108 — apple — iphone_os, tvos
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote
Critical Vulnerability: CVE-2017-7103 — apple — iphone_os, tvos
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote
Critical Vulnerability: CVE-2017-7123 — apple — mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of s
Critical Vulnerability: CVE-2017-7110 — apple — iphone_os, tvos
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote
Critical Vulnerability: CVE-2017-7121 — apple — mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of s
Critical Vulnerability: CVE-2017-7122 — apple — mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of s
Critical Vulnerability: CVE-2017-7130 — apple — iphone_os, mac_os_x
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-par
Critical Vulnerability: CVE-2017-7126 — apple — mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of s
Critical Vulnerability: CVE-2017-7128 — apple — iphone_os, mac_os_x
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-par
Critical Vulnerability: CVE-2017-7112 — apple — iphone_os, tvos
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote
Critical Vulnerability: CVE-2017-8248 — apple — iphone_os
A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation.
Critical Vulnerability: CVE-2017-7062 — apple — iphone_os, mac_os_x
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves
Critical Vulnerability: CVE-2017-2513 — apple — iphone_os, mac_os_x
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves
Critical Vulnerability: CVE-2017-2527 — apple — mac_os_x
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "CoreAnimation" component. It allows remote attackers to execute arbitrary code or cause a d
Critical Vulnerability: CVE-2017-2523 — apple — iphone_os, mac_os_x
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves
Critical Vulnerability: CVE-2017-2524 — apple — iphone_os, mac_os_x
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves
Critical Vulnerability: CVE-2017-2522 — apple — iphone_os, mac_os_x
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves
Critical Vulnerability: CVE-2011-3428 — apple — quicktime
Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code.
Critical Vulnerability: CVE-2017-5949 — apple — safari
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibl
Critical Vulnerability: CVE-2017-2434 — apple — iphone_os
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presence
Critical Vulnerability: CVE-2017-2423 — apple — iphone_os, mac_os_x
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass inte
Critical Vulnerability: CVE-2017-2428 — apple — iphone_os, mac_os_x
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghtt
Critical Vulnerability: CVE-2017-2402 — apple — mac_os_x
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multip
Critical Vulnerability: CVE-2017-2477 — apple — mac_os_x
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "libxslt" component. It allows remote attackers to cause a denial of service (memory corrupt
Critical Vulnerability: CVE-2016-7663 — apple — iphone_os, mac_os_x
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreFoundation" component. I
Critical Vulnerability: CVE-2016-7630 — apple — iphone_os
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows attackers to bypass a sandbox protection mechanism via unspeci
Track Apple exposure across your environment
Vulnios automatically cross-references your asset inventory against new Apple CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.