Every CVE whose affected-product data names Apple Iphone Os, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2014-4486 — CVSS 10.0 (critical): IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists…
CVE-2008-3529 — CVSS 10.0 (critical): Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers…
CVE-2010-1809 — CVSS 10.0 (critical): The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement…
CVE-2014-4480 — CVSS 10.0 (critical): Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access…
CVE-2011-3046 — CVSS 10.0 (critical): The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to…
CVE-2014-1356 — CVSS 10.0 (critical): Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to…
CVE-2014-1357 — CVSS 10.0 (critical): Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to…
CVE-2014-1358 — CVSS 10.0 (critical): Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute…
CVE-2014-1359 — CVSS 10.0 (critical): Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute…
CVE-2019-6235 — CVSS 10.0 (critical): A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2…
CVE-2012-5112 — CVSS 10.0 (critical): Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to…
CVE-2010-3116 — CVSS 10.0 (critical): Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before…
CVE-2014-4495 — CVSS 10.0 (critical): The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a…
CVE-2015-5903 — CVSS 10.0 (critical): The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified…
CVE-2009-2204 — CVSS 10.0 (critical): Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code…
CVE-2022-32845 — CVSS 10.0 (critical): This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app…
CVE-2008-4211 — CVSS 10.0 (critical): Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS…
CVE-2015-6988 — CVSS 10.0 (critical): The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers…
CVE-2015-7113 — CVSS 10.0 (critical): The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged…
CVE-2015-8659 — CVSS 10.0 (critical): The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free…
CVE-2014-4489 — CVSS 10.0 (critical): IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues…
CVE-2010-1119 — CVSS 10.0 (critical): Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X…
CVE-2014-4488 — CVSS 10.0 (critical): IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue…
CVE-2014-4487 — CVSS 10.0 (critical): Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute…
CVE-2018-4310 — CVSS 10.0 (critical): An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
CVE-2019-8779 — CVSS 10.0 (critical): A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This…
CVE-2023-32419 — CVSS 9.8 (critical): The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to…
CVE-2016-4615 — CVSS 9.8 (critical): libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2…
CVE-2019-8712 — CVSS 9.8 (critical): A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application…
CVE-2019-8703 — CVSS 9.8 (critical): This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An…
CVE-2016-4616 — CVSS 9.8 (critical): libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2…
CVE-2023-37285 — CVSS 9.8 (critical): An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur…
CVE-2022-42808 — CVSS 9.8 (critical): An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS…
CVE-2022-32839 — CVSS 9.8 (critical): The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update…
CVE-2023-23526 — CVSS 9.8 (critical): This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. This issue is fixed in…
CVE-2021-1882 — CVSS 9.8 (critical): A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and…
CVE-2019-8662 — CVSS 9.8 (critical): This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker…
CVE-2019-8660 — CVSS 9.8 (critical): A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4…
CVE-2019-8648 — CVSS 9.8 (critical): A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4…
CVE-2017-2524 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is…
CVE-2019-8647 — CVSS 9.8 (critical): A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. A remote…
CVE-2022-37434 — CVSS 9.8 (critical): zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE…
CVE-2023-40414 — CVSS 9.8 (critical): A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17…
CVE-2019-8613 — CVSS 9.8 (critical): A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A remote…
CVE-2019-8600 — CVSS 9.8 (critical): A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3…
CVE-2024-44299 — CVSS 9.8 (critical): The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may…
CVE-2021-1864 — CVSS 9.8 (critical): A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS…
CVE-2022-42813 — CVSS 9.8 (critical): A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed…
CVE-2025-43428 — CVSS 9.8 (critical): A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2…
CVE-2021-1818 — CVSS 9.8 (critical): A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina…
CVE-2021-1796 — CVSS 9.8 (critical): An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may…
CVE-2023-34425 — CVSS 9.8 (critical): The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS…
CVE-2021-1795 — CVSS 9.8 (critical): An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may…
CVE-2022-22632 — CVSS 9.8 (critical): A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur…
CVE-2022-22641 — CVSS 9.8 (critical): A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS…
CVE-2025-43362 — CVSS 9.8 (critical): The issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An app may be able to…
CVE-2021-1794 — CVSS 9.8 (critical): An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may…
CVE-2025-43359 — CVSS 9.8 (critical): A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS…
CVE-2016-4658 — CVSS 9.8 (critical): xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other…
CVE-2019-8547 — CVSS 9.8 (critical): An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This…
CVE-2023-28201 — CVSS 9.8 (critical): This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4…
CVE-2019-8531 — CVSS 9.8 (critical): A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS…
CVE-2022-26760 — CVSS 9.8 (critical): A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A malicious…
CVE-2025-43347 — CVSS 9.8 (critical): This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS…
CVE-2025-43343 — CVSS 9.8 (critical): The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26…
CVE-2025-43342 — CVSS 9.8 (critical): A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26…
CVE-2024-44242 — CVSS 9.8 (critical): The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may…
CVE-2017-2513 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is…
CVE-2024-54534 — CVSS 9.8 (critical): The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS…
CVE-2021-1770 — CVSS 9.8 (critical): A buffer overflow may result in arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4…
CVE-2025-43234 — CVSS 9.8 (critical): Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS…
CVE-2019-7288 — CVSS 9.8 (critical): The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update…
CVE-2016-7630 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows…
CVE-2017-2518 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is…
CVE-2019-6206 — CVSS 9.8 (critical): An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed…
CVE-2019-6203 — CVSS 9.8 (critical): A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker…
CVE-2022-32788 — CVSS 9.8 (critical): A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6…
CVE-2026-28858 — CVSS 9.8 (critical): A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able…
CVE-2020-9898 — CVSS 9.8 (critical): This issue was addressed with improved entitlements. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A sandboxed…
CVE-2020-9895 — CVSS 9.8 (critical): A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS…
CVE-2017-2423 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the…
CVE-2015-7987 — CVSS 9.8 (critical): Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via…
CVE-2022-22635 — CVSS 9.8 (critical): An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An…
CVE-2017-2519 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is…
CVE-2020-9850 — CVSS 9.8 (critical): A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari…
CVE-2020-9838 — CVSS 9.8 (critical): An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may…
CVE-2017-2428 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is…
CVE-2015-7988 — CVSS 9.8 (critical): The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial…
CVE-2016-4702 — CVSS 9.8 (critical): Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or…
CVE-2022-26711 — CVSS 9.8 (critical): An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS…
CVE-2021-30820 — CVSS 9.8 (critical): A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8. A remote attacker may be able…
CVE-2018-4367 — CVSS 9.8 (critical): A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.
CVE-2016-7663 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is…
CVE-2017-2520 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is…
CVE-2022-32941 — CVSS 9.8 (critical): The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and…
CVE-2025-43209 — CVSS 9.8 (critical): An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9…
CVE-2017-11121 — CVSS 9.8 (critical): On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can…
CVE-2022-42837 — CVSS 9.8 (critical): An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and…
CVE-2023-32412 — CVSS 9.8 (critical): A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4…
CVE-2025-43186 — CVSS 9.8 (critical): The issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, macOS Sonoma…
CVE-2022-42842 — CVSS 9.8 (critical): The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS…
CVE-2025-31255 — CVSS 9.8 (critical): An authorization issue was addressed with improved state management. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS…
CVE-2018-4332 — CVSS 9.8 (critical): A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14…
CVE-2018-4331 — CVSS 9.8 (critical): A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14…
CVE-2020-3911 — CVSS 9.8 (critical): A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4…
CVE-2020-3910 — CVSS 9.8 (critical): A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4…
CVE-2020-3909 — CVSS 9.8 (critical): A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4…
CVE-2022-22642 — CVSS 9.8 (critical): This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency…
CVE-2025-24167 — CVSS 9.8 (critical): This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia…
CVE-2018-4298 — CVSS 9.8 (critical): In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed…
CVE-2025-24178 — CVSS 9.8 (critical): This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia…
CVE-2025-24190 — CVSS 9.8 (critical): The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4…
CVE-2017-2434 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows…
CVE-2023-40400 — CVSS 9.8 (critical): This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote…
CVE-2024-44241 — CVSS 9.8 (critical): The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may…
CVE-2010-1205 — CVSS 9.8 (critical): Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote…
CVE-2017-11120 — CVSS 9.8 (critical): On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger…
CVE-2016-1761 — CVSS 9.8 (critical): libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a…
CVE-2021-31009 — CVSS 9.8 (critical): Multiple issues were addressed by removing HDF5. This issue is fixed in iOS 15.2 and iPadOS 15.2, macOS Monterey 12.1. Multiple issues in…
CVE-2025-31183 — CVSS 9.8 (critical): The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia…
CVE-2020-36329 — CVSS 9.8 (critical): A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat…
CVE-2020-36328 — CVSS 9.8 (critical): A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an…
CVE-2025-31182 — CVSS 9.8 (critical): This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS…
CVE-2016-4614 — CVSS 9.8 (critical): libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2…
CVE-2017-2522 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is…
CVE-2016-0801 — CVSS 9.8 (critical): The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote…
CVE-2018-4189 — CVSS 9.8 (critical): In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS…
CVE-2017-7062 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is…
CVE-2008-3612 — CVSS 9.8 (critical): The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence…
CVE-2016-9843 — CVSS 9.8 (critical): The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving…
CVE-2018-4148 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. A buffer…
CVE-2018-4147 — CVSS 9.8 (critical): In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption…
CVE-2016-4448 — CVSS 9.8 (critical): Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown…
CVE-2023-38604 — CVSS 9.8 (critical): An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS…
CVE-2025-30466 — CVSS 9.8 (critical): This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia…
CVE-2025-30433 — CVSS 9.8 (critical): This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia…
CVE-2018-4124 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 11.2.6 is affected. macOS before 10.13.3 Supplemental Update is affected…
CVE-2025-30430 — CVSS 9.8 (critical): This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS…
CVE-2025-30426 — CVSS 9.8 (critical): This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia…
CVE-2025-24264 — CVSS 9.8 (critical): The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS…
CVE-2017-2523 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is…
CVE-2022-46709 — CVSS 9.8 (critical): A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16. An app may be able…
CVE-2018-4115 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is…
CVE-2018-4110 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows…
CVE-2017-8248 — CVSS 9.8 (critical): A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th…
CVE-2025-24238 — CVSS 9.8 (critical): A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5…
CVE-2025-24237 — CVSS 9.8 (critical): A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS…
CVE-2025-24230 — CVSS 9.8 (critical): An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6…
CVE-2023-38598 — CVSS 9.8 (critical): A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8…
CVE-2017-7130 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected…
CVE-2017-7129 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected…
CVE-2017-7128 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected…
CVE-2016-4607 — CVSS 9.8 (critical): libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2…
CVE-2016-4609 — CVSS 9.8 (critical): libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2…
CVE-2025-24211 — CVSS 9.8 (critical): This issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4…
CVE-2017-7103 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The…
CVE-2016-9841 — CVSS 9.8 (critical): inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2017-7112 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The…
CVE-2019-8749 — CVSS 9.8 (critical): Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13…
CVE-2017-7110 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The…
CVE-2017-7108 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The…
CVE-2019-8746 — CVSS 9.8 (critical): An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows…
CVE-2017-7105 — CVSS 9.8 (critical): An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The…
CVE-2023-36495 — CVSS 9.8 (critical): An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and…
CVE-2019-8562 — CVSS 9.6 (critical): A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4…
CVE-2016-4734 — CVSS 9.6 (critical): WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2019-8617 — CVSS 9.6 (critical): An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.3. A sandboxed process may be able to…
CVE-2024-4558 — CVSS 9.6 (critical): Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2024-40867 — CVSS 9.6 (critical): A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote…
CVE-2012-0635 — CVSS 9.3 (critical): WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2015-6979 — CVSS 9.3 (critical): GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory…
CVE-2012-0596 — CVSS 9.3 (critical): WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2012-0623 — CVSS 9.3 (critical): WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2015-5846 — CVSS 9.3 (critical): IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service…
CVE-2015-7109 — CVSS 9.3 (critical): IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or…
CVE-2013-5139 — CVSS 9.3 (critical): The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds…
CVE-2013-0999 — CVSS 9.3 (critical): WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service…
CVE-2012-0604 — CVSS 9.3 (critical): WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2015-5845 — CVSS 9.3 (critical): IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service…
CVE-2012-0592 — CVSS 9.3 (critical): WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2013-1000 — CVSS 9.3 (critical): WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service…
CVE-2013-1001 — CVSS 9.3 (critical): WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service…
CVE-2012-0605 — CVSS 9.3 (critical): WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2012-0606 — CVSS 9.3 (critical): WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2013-1002 — CVSS 9.3 (critical): WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service…
CVE-2015-5844 — CVSS 9.3 (critical): IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service…
CVE-2015-7051 — CVSS 9.3 (critical): MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to…
CVE-2011-3430 — CVSS 9.3 (critical): The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly…
CVE-2015-7112 — CVSS 9.3 (critical): The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute…
CVE-2012-0607 — CVSS 9.3 (critical): WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2012-0612 — CVSS 9.3 (critical): WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of…