This document describes the security content of iPadOS 17.7.3.
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Released December 11, 2024
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: Photos in the Hidden Photos Album may be viewed without authentication
Description: A logic issue was addressed with improved file handling.
CVE-2024-54488: Benjamin Hornbeck, Skadz (@skadz108), Chi Yuan Chang of ZUSO ART and taikosoup
Entry added January 27, 2025
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2024-54486: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: Processing a maliciously crafted image may result in disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2024-54500: Junsung Lee working with Trend Micro Zero Day Initiative
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: An app may be able to break out of its sandbox
Description: The issue was addressed with improved checks.
CVE-2024-54468: an anonymous researcher
Entry added January 27, 2025
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: An attacker may be able to create a read-only memory mapping that can be written to
Description: A race condition was addressed with additional validation.
CVE-2024-54494: sohybbyk
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: An app may be able to leak sensitive kernel state
Description: A race condition was addressed with improved locking.
CVE-2024-54510: Joseph Ravichandran (@0xjprx) of MIT CSAIL
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: An app may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2024-44245: an anonymous researcher
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: Processing a malicious crafted file may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2024-44201: Ben Roeder
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: A remote attacker may cause an unexpected app termination or arbitrary code execution
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-45490
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: An app may be able to cause a denial-of-service
Description: An app could impersonate system notifications. Sensitive notifications now require restricted entitlements.
CVE-2025-24091: Guilherme Rambo of Best Buddy Apps (rambo.codes)
Entry added April 30, 2025
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: An app may be able to gain elevated privileges
Description: A logic issue was addressed with improved checks.
CVE-2024-44225: 风沐云烟(@binary_fmyy)
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: An attacker in a privileged network position may be able to alter network traffic
Description: This issue was addressed by using HTTPS when sending information over the network.
CVE-2024-54492: Talal Haj Bakry and Tommy Mysk of Mysk Inc. (@mysk_co)
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website
Description: The issue was addressed with improved routing of Safari-originated requests.
CVE-2024-44246: Jacob Braun
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: Processing a maliciously crafted file may lead to a denial of service
Description: The issue was addressed with improved checks.
CVE-2024-54501: Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: An attacker with physical access to an iPadOS device may be able to view notification content from the lock screen
Description: The issue was addressed by adding additional logic.
CVE-2024-54485: Abhay Kailasia (@abhay_kailasia) from C-DAC Thiruvananthapuram India
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 278497
CVE-2024-54479: Seunghyun Lee
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: A type confusion issue was addressed with improved memory handling.
WebKit Bugzilla: 282661
CVE-2024-54505: Gary Kwong
We would like to acknowledge Junming C. (@Chapoly1305) and Prof. Qiang Zeng of George Mason University for their assistance.