Apple iOS vulnerabilities: known CVEs & security history
Apple · Operating system · 2000 tracked CVEs · 9 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all Apple iOS release lines — 2000 in total, with 9 actively exploited in the wild. A CVE here doesn't mean your version is affected — check Apple iOS's current status and the safe version to run.
Known Apple iOS CVEs
Actively-exploited and most-severe first. Showing the top 80 of 2000. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2016-1019⚡ exploited | critical | 9.8 | 22% | 2016 |
| CVE-2016-4657⚡ exploited | high | 8.8 | 67% | 2016 |
| CVE-2016-1010⚡ exploited | high | 8.8 | 20% | 2016 |
| CVE-2016-0984⚡ exploited | high | 8.8 | 55% | 2016 |
| CVE-2015-8651⚡ exploited | high | 8.8 | 68% | 2015 |
| CVE-2016-4656⚡ exploited | high | 7.8 | 24% | 2016 |
| CVE-2014-4404⚡ exploited | high | 7.8 | 49% | 2014 |
| CVE-2019-6223⚡ exploited | high | 7.5 | 3% | 2019 |
| CVE-2016-4655⚡ exploited | medium | 5.5 | 33% | 2016 |
| CVE-2018-4310 | critical | 10 | 2% | 2019 |
| CVE-2019-6235 | critical | 10 | 2% | 2019 |
| CVE-2015-8659 | critical | 10 | 4% | 2016 |
| CVE-2015-8459 | critical | 10 | 6% | 2015 |
| CVE-2018-4332 | critical | 9.8 | 2% | 2019 |
| CVE-2018-4331 | critical | 9.8 | 4% | 2019 |
| CVE-2019-6206 | critical | 9.8 | 1% | 2019 |
| CVE-2018-4298 | critical | 9.8 | 1% | 2019 |
| CVE-2018-4189 | critical | 9.8 | 2% | 2019 |
| CVE-2018-4147 | critical | 9.8 | 2% | 2019 |
| CVE-2018-4148 | critical | 9.8 | 5% | 2018 |
| CVE-2018-4124 | critical | 9.8 | 7% | 2018 |
| CVE-2018-4115 | critical | 9.8 | 2% | 2018 |
| CVE-2018-4110 | critical | 9.8 | 4% | 2018 |
| CVE-2017-7130 | critical | 9.8 | 2% | 2017 |
| CVE-2017-7129 | critical | 9.8 | 2% | 2017 |
| CVE-2017-7128 | critical | 9.8 | 2% | 2017 |
| CVE-2017-7112 | critical | 9.8 | 4% | 2017 |
| CVE-2017-7110 | critical | 9.8 | 4% | 2017 |
| CVE-2017-7108 | critical | 9.8 | 4% | 2017 |
| CVE-2017-7105 | critical | 9.8 | 4% | 2017 |
| CVE-2017-7103 | critical | 9.8 | 3% | 2017 |
| CVE-2017-11121 | critical | 9.8 | 3% | 2017 |
| CVE-2017-11120 | critical | 9.8 | 9% | 2017 |
| CVE-2017-8248 | critical | 9.8 | 3% | 2017 |
| CVE-2017-7062 | critical | 9.8 | 4% | 2017 |
| CVE-2016-0959 | critical | 9.8 | 5% | 2017 |
| CVE-2016-9843 | critical | 9.8 | 6% | 2017 |
| CVE-2016-9841 | critical | 9.8 | 7% | 2017 |
| CVE-2017-2524 | critical | 9.8 | 7% | 2017 |
| CVE-2017-2523 | critical | 9.8 | 11% | 2017 |
| CVE-2017-2522 | critical | 9.8 | 7% | 2017 |
| CVE-2017-2520 | critical | 9.8 | 5% | 2017 |
| CVE-2017-2519 | critical | 9.8 | 4% | 2017 |
| CVE-2017-2518 | critical | 9.8 | 5% | 2017 |
| CVE-2017-2513 | critical | 9.8 | 3% | 2017 |
| CVE-2017-2434 | critical | 9.8 | 2% | 2017 |
| CVE-2017-2428 | critical | 9.8 | 3% | 2017 |
| CVE-2017-2423 | critical | 9.8 | 2% | 2017 |
| CVE-2016-7663 | critical | 9.8 | 3% | 2017 |
| CVE-2016-7630 | critical | 9.8 | 1% | 2017 |
| CVE-2016-4702 | critical | 9.8 | 6% | 2016 |
| CVE-2016-4658 | critical | 9.8 | 9% | 2016 |
| CVE-2016-4616 | critical | 9.8 | 3% | 2016 |
| CVE-2016-4615 | critical | 9.8 | 3% | 2016 |
| CVE-2016-4614 | critical | 9.8 | 3% | 2016 |
| CVE-2016-4610 | critical | 9.8 | 5% | 2016 |
| CVE-2016-4609 | critical | 9.8 | 5% | 2016 |
| CVE-2016-4608 | critical | 9.8 | 5% | 2016 |
| CVE-2016-4607 | critical | 9.8 | 5% | 2016 |
| CVE-2015-7988 | critical | 9.8 | 5% | 2016 |
| CVE-2015-7987 | critical | 9.8 | 3% | 2016 |
| CVE-2016-4163 | critical | 9.8 | 6% | 2016 |
| CVE-2016-4162 | critical | 9.8 | 6% | 2016 |
| CVE-2016-4161 | critical | 9.8 | 6% | 2016 |
| CVE-2016-4160 | critical | 9.8 | 6% | 2016 |
| CVE-2016-4121 | critical | 9.8 | 10% | 2016 |
| CVE-2016-4120 | critical | 9.8 | 6% | 2016 |
| CVE-2016-4448 | critical | 9.8 | 7% | 2016 |
| CVE-2016-1761 | critical | 9.8 | 7% | 2016 |
| CVE-2016-0801 | critical | 9.8 | 33% | 2016 |
| CVE-2010-1205 | critical | 9.8 | 43% | 2010 |
| CVE-2008-3612 | critical | 9.8 | 4% | 2008 |
| CVE-2018-17472 | critical | 9.6 | 1% | 2018 |
| CVE-2016-4734 | critical | 9.6 | 3% | 2016 |
| CVE-2015-7113 | high | 10 | 3% | 2015 |
| CVE-2015-8457 | high | 10 | 9% | 2015 |
| CVE-2015-8455 | high | 10 | 6% | 2015 |
| CVE-2015-8454 | high | 10 | 7% | 2015 |
| CVE-2015-8452 | high | 10 | 7% | 2015 |
| CVE-2015-8451 | high | 10 | 6% | 2015 |
1920 older / lower-severity CVEs not shown — see Apple iOS's full record.
Is my Apple iOS version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your Apple iOS version → · Monitor Apple iOS for new CVEs →
Apple iOS vulnerabilities — frequently asked
How many known vulnerabilities does Apple iOS have?
IsItPatched tracks 2000 CVEs for Apple iOS, 9 of which are actively exploited (CISA KEV). 66 are critical-severity and 953 high-severity. These span every release line — what matters is whether the version you run is affected.
Does Apple iOS have any actively-exploited vulnerabilities?
Yes — 9 Apple iOS CVEs are in CISA's Known Exploited Vulnerabilities catalog, meaning they are confirmed exploited in the wild (1 linked to ransomware). Patch these as a priority.
What is the most severe Apple iOS vulnerability?
Among tracked issues, CVE-2016-1019 (CRITICAL, CVSS 9.8), which is actively exploited, ranks highest.
Is Apple iOS safe to use?
It depends on the version. The latest supported Apple iOS release (26.5.1) clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Apple iOS security status · Apple iOS end-of-life · actively-exploited CVEs. Always verify against Apple's advisories — see our disclaimer.