Apple
iOS
Apple operating system for iPhone.
17.7.2
- Release date
- November 19, 2024
- CVE status
- 25 visible CVEs
Source
Public release notes are linked for the latest stored release.
Release history
See the latest published releases stored for this product.
| Version | Published | Notes |
|---|---|---|
| 26.3.1 | 2026-03-04 | Release Notes |
| 17.7.10 | 2025-08-20 | Release Notes |
| 17.7.2 | 2024-11-19 | Release Notes |
Vulnerability tracking
Review curated CVEs for this product and see whether the current version is marked affected. Only CVEs with a CVSS score of 7.0 or higher and published in the last 90 days are shown.
| CVE | Severity | Published | Status | Summary |
|---|---|---|---|---|
| CVE-2025-43202 | HIGH (8.8) | 2026-04-02 | Current versionaffected | This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption. Affected versions
|
| CVE-2026-28894 | HIGH (7.5) | 2026-03-25 | Current versionaffected | A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A remote attacker may be able to cause a denial-of-service. Affected versions
|
| CVE-2026-28876 | HIGH (7.5) | 2026-03-25 | Current versionaffected | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to access sensitive user data. Affected versions
|
| CVE-2026-28875 | HIGH (7.5) | 2026-03-25 | Current versionaffected | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote attacker may be able to cause a denial-of-service. Affected versions
|
| CVE-2026-28874 | HIGH (7.5) | 2026-03-25 | Current versionaffected | The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote attacker may cause an unexpected app termination. Affected versions
|
| CVE-2026-28865 | HIGH (7.5) | 2026-03-25 | Current versionaffected | An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position may be able to intercept network traffic. Affected versions
|
| CVE-2026-28858 | CRITICAL (9.8) | 2026-03-25 | Current versionaffected | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memory. Affected versions
|
| CVE-2026-28855 | HIGH (7.5) | 2026-03-25 | Current versionaffected | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3. An app may be able to access protected user data. Affected versions
|
| CVE-2026-20698 | HIGH (7.8) | 2026-03-25 | Current versionaffected | The issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or corrupt kernel memory. Affected versions
|
| CVE-2026-20688 | CRITICAL (9.3) | 2026-03-25 | Current versionaffected | A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to break out of its sandbox. Affected versions
|
| CVE-2026-20687 | HIGH (7.1) | 2026-03-25 | Current versionaffected | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or write kernel memory. Affected versions
|
| CVE-2023-43010 | HIGH (8.8) | 2026-03-12 | Current versionnot affected | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption. Affected versions
Show 1 more
|
| CVE-2026-20700 | HIGH (7.8) | 2026-02-11 | Current versionaffected | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report. Affected versions
|
| CVE-2026-20677 | CRITICAL (9.0) | 2026-02-11 | Current versionaffected | A race condition was addressed with improved handling of symbolic links. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. A shortcut may be able to bypass sandbox restrictions. Affected versions
|
| CVE-2026-20675 | HIGH (7.8) | 2026-02-11 | Current versionaffected | The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may lead to disclosure of user information. Affected versions
|
| CVE-2026-20667 | HIGH (8.8) | 2026-02-11 | Current versionaffected | A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, watchOS 26.3. An app may be able to break out of its sandbox. Affected versions
|
| CVE-2026-20660 | HIGH (7.5) | 2026-02-11 | Current versionaffected | A path handling issue was addressed with improved logic. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. A remote user may be able to write arbitrary files. Affected versions
|
| CVE-2026-20652 | HIGH (7.5) | 2026-02-11 | Current versionaffected | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service. Affected versions
|
| CVE-2026-20650 | HIGH (7.5) | 2026-02-11 | Current versionaffected | A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets. Affected versions
|
| CVE-2026-20649 | HIGH (7.5) | 2026-02-11 | Current versionaffected | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3. A user may be able to view sensitive user information. Affected versions
|
| CVE-2026-20641 | HIGH (7.1) | 2026-02-11 | Current versionaffected | A privacy issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to identify what other apps a user has installed. Affected versions
|
| CVE-2026-20628 | HIGH (7.1) | 2026-02-11 | Current versionaffected | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to break out of its sandbox. Affected versions
|
| CVE-2026-20626 | HIGH (7.8) | 2026-02-11 | Current versionaffected | This issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges. Affected versions
|
| CVE-2026-20617 | HIGH (7.0) | 2026-02-11 | Current versionaffected | A race condition was addressed with improved state handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to gain root privileges. Affected versions
|
| CVE-2026-20616 | HIGH (8.8) | 2026-02-11 | Current versionaffected | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termination. Affected versions
|