CVE Daily
← All tags

Tag: Apple iPad

All CVEs associated with "Apple iPad". Page 1/1 • 37 CVEs.

About “Apple iPad”

A curated feed of “Apple iPad”-related CVEs appears below. We currently track 37 CVEs for this tag (all time). In the last 365 days, 6 were published. Average CVSS is 6.0 (all time; 8.1 over 365d), and 32% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-191 - Integer Underflow (Wrap or Wraparound), CWE-122 - Heap-based Buffer Overflow, CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

In our taxonomy this topic maps to a LOW impact class. Mobile OS and devices protect account and app access. Update OS, enforce MDM policies, disable sideloading, and restrict developer options. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: ipad

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
pro-8-11--
pro-8-13--
11--
air-7-11--
air-7-13--
mini-7--
pro-7-11--
pro-7-13--
air-6-11--
air-6-13--
10--
pro-6--
air-5--
9--
mini-6--
pro-5-12--
air-4-
8--
pro-4-12--
pro-4-11--
pro-2-11--
7--
mini-5--
air-3--
pro-3-11--
pro-3-12--
pro-1-11--
6--
pro-1-10- Soon
pro-2-12- Soon
5- Expired
pro-1-9- Expired
pro-1-12- Expired
mini-4- Expired
mini-3- Expired
air-2- Expired
mini-2- Expired
air-1- Expired
mini-1- Expired
4- Expired
3- Expired
2- Expired
1- Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Apple iPad”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-12-09
Critical

CVE-2025-65882

An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function create_xor_ipad_opad allowing attackers to potentially write ar…

CVSS: 9.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2025-11-11
High

CVE-2025-61836

Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user…

CVSS: 7.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2025-61829

Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitatio…

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-61828

Illustrator on iPad versions 3.0.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2025-61827

Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitatio…

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-61826

Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user…

CVSS: 7.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
2025-01-14
High

CVE-2025-21134

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user…

CVSS: 7.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2025-21133

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user…

CVSS: 7.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
2022-11-16
High

CVE-2022-43264

Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via a crafted web request.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2022-43263

A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2021-09-27
High

CVE-2021-34409

It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad be…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2021-02-11
Low

CVE-2021-21301

Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first ha…

CVSS: 2.6 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2019-03-21
Medium

CVE-2018-17502

The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact…

CVSS: 4.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-08-16
Critical

CVE-2017-8248

A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation.

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2017-04-21
Medium

CVE-2016-4829

DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates.

CVSS: 5.9 CWE: CWE-295 - Improper Certificate Validation View on NVD
2015-07-16
Low

CVE-2015-2598

Unspecified vulnerability in the mobile app in Oracle Business Intelligence Enterprise Edition in Oracle Fusion Middleware before 11.1.1.7.0 (11.6.39) allows remote authenticated users to affect inte…

CVSS: 3.5 CWE: N/A View on NVD
2015-04-28
Medium

CVE-2015-1151

Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client.

CVSS: 5.0 CWE: CWE-284 - Improper Access Control View on NVD
2014-09-09
Medium

CVE-2014-5555

The Counting & Addition Kids Games (aka air.com.tribalnova.ilearnwith.ipad.PokoAddEn) application 1.8.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-5554

The Fun Preschool Creativity Game (aka air.com.tribalnova.ilearnwith.ipad.MotherAppEn) application 1.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-5553

The Kids Preschool Learning Games (aka air.com.tribalnova.ilearnwith.ipad.App3En) application 1.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle att…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-5552

The Numbers & Addition! Math games (aka air.com.tribalnova.ilearnwith.ipad.App2En) application 1.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle at…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-5551

The Alphabet & Spelling Kids Games (aka air.com.tribalnova.ilearnwith.ipad.App1En) application 1.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle at…

CVSS: 5.4 CWE: CWE-310 View on NVD
2014-03-26
Medium

CVE-2014-1828

The iThoughts web server in the iThoughtsHD app 4.19 for iOS on iPad devices allows remote attackers to cause a denial of service (disk consumption) by uploading a large file.

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2014-1827

The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to upload arbitrary files by placing a %00 sequence after a dangerous extension, as d…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2014-1826

Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to inject arbitrary web script or HTML vi…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2014-01-05
Medium

CVE-2012-2898

Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibox URL via vectors involving SSL error messages, a related issue to CVE-2012-0674.

CVSS: 5.0 CWE: CWE-310 View on NVD
2013-11-12
Medium

CVE-2013-5726

Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform un…

CVSS: 6.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2013-06-05
Medium

CVE-2013-3955

The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to caus…

CVSS: 6.2 CWE: CWE-20 - Improper Input Validation View on NVD
2012-08-07
Medium

CVE-2012-2648

Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arb…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2012-07-17
Low

CVE-2012-0800

The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the…

CVSS: 2.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2011-11-11
Low

CVE-2011-3440

The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover dur…

CVSS: 1.2 CWE: CWE-264 View on NVD
2011-03-10
Medium

CVE-2011-1344

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows rem…

CVSS: 6.8 CWE: CWE-399 View on NVD
2010-11-26
Medium

CVE-2010-3832

Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2010-08-25
Medium

CVE-2010-2711

Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the iPad allows remote attackers to read and modify MagCloud application data via unknown vectors.

CVSS: 6.4 CWE: N/A View on NVD
2010-08-20
Medium

CVE-2010-1768

Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod to…

CVSS: 6.9 CWE: N/A View on NVD
2010-08-16
Critical

CVE-2010-1797

Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2010-08-05
Medium

CVE-2010-2973

Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, a…

CVSS: 6.9 CWE: CWE-264 View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox