Apple Apple Software and Device Maker

  1. Vendors
  2. Apple

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Apple product.

RSS Feeds for Apple security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Apple products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Apple Sorted by Most Security Vulnerabilities since 2018

Apple macOS3334 vulnerabilities
Macintosh Operating System

Apple iOS2365 vulnerabilities
The iOS Operating System used by iPhones.

Apple iPadOS1736 vulnerabilities
Apple iPad Operating System

Apple tvOS1408 vulnerabilities
Apple TV Operating System

Apple watchOS1405 vulnerabilities
Apple Watch Operating System

Apple Safari615 vulnerabilities

Apple iPadOS554 vulnerabilities
Apple iPad Operating System

Apple visionOS361 vulnerabilities

Apple Ios And Ipados305 vulnerabilities

Apple iTunes234 vulnerabilities
Apple iTunes Software

Apple iCloud196 vulnerabilities

Apple Macos Sonoma111 vulnerabilities

Apple Xcode60 vulnerabilities

Apple Music11 vulnerabilities

Apple Garageband8 vulnerabilities

Apple Carplay2 vulnerabilities

Apple AirPods2 vulnerabilities
Apple AirPods Firmware and Hardware

Apple AirPlay2 vulnerabilities

Apple Macos Monterey1 vulnerability

Apple Macos Ventura1 vulnerability

Apple Magic Keyboard1 vulnerability

Apple Compressor1 vulnerability

Apple Securerom1 vulnerability

Apple Smart Card Services1 vulnerability

Apple App Store Connect1 vulnerability

Recent Apple Security Advisories

Advisory Title Published
125884 iOS 26.2 and iPadOS 26.2 - Apple Security Content December 12, 2025
125890 watchOS 26.2 - Apple Security Content December 12, 2025
125889 tvOS 26.2 - Apple Security Content December 12, 2025
125886 macOS Tahoe 26.2 - Apple Security Content December 12, 2025
125888 macOS Sonoma 14.8.3 - Apple Security Content December 12, 2025
125885 iOS 18.7.3 and iPadOS 18.7.3 - Apple Security Content December 12, 2025
125891 visionOS 26.2 - Apple Security Content December 12, 2025
125887 macOS Sequoia 15.7.3 - Apple Security Content December 12, 2025
125892 Safari 26.2 - Apple Security Content December 12, 2025
125693 Compressor 4.11.1 - Apple Security Content November 13, 2025

Known Exploited Apple Vulnerabilities

The following Apple vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Apple Multiple Products Use-After-Free WebKit Vulnerability Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
CVE-2025-43529 Exploit Probability: 0.0% 		December 15, 2025
Apple Multiple Products Unspecified Vulnerability Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
CVE-2022-48503 Exploit Probability: 0.3% 		October 20, 2025
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
CVE-2025-43300 Exploit Probability: 1.1% 		August 21, 2025
Apple Multiple Products Unspecified Vulnerability Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.
CVE-2025-43200 Exploit Probability: 0.3% 		June 16, 2025
Apple Multiple Products Arbitrary Read and Write Vulnerability Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.
CVE-2025-31201 Exploit Probability: 4.4% 		April 17, 2025
Apple Multiple Products Memory Corruption Vulnerability Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.
CVE-2025-31200 Exploit Probability: 1.7% 		April 17, 2025
Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
CVE-2025-24201 Exploit Probability: 0.1% 		March 13, 2025
Apple iOS and iPadOS Incorrect Authorization Vulnerability Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.
CVE-2025-24200 Exploit Probability: 43.6% 		February 12, 2025
Apple Multiple Products Use-After-Free Vulnerability Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.
CVE-2025-24085 Exploit Probability: 28.1% 		January 29, 2025
Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack.
CVE-2024-44309 Exploit Probability: 0.6% 		November 21, 2024
Apple Multiple Products Code Execution Vulnerability Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.
CVE-2024-44308 Exploit Probability: 0.9% 		November 21, 2024
Apple iOS and iPadOS Memory Corruption Vulnerability Apple iOS and iPadOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
CVE-2024-23296 Exploit Probability: 0.1% 		March 6, 2024
Apple iOS and iPadOS Memory Corruption Vulnerability Apple iOS and iPadOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
CVE-2024-23225 Exploit Probability: 0.1% 		March 6, 2024
Apple Multiple Products Improper Authentication Vulnerability Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an improper authentication vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.
CVE-2022-48618 Exploit Probability: 0.1% 		January 31, 2024
Apple Multiple Products Type Confusion Vulnerability Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content.
CVE-2024-23222 Exploit Probability: 0.2% 		January 23, 2024
Apple Multiple Products Code Execution Vulnerability Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.
CVE-2023-41990 Exploit Probability: 2.7% 		January 8, 2024
Apple Multiple Products WebKit Memory Corruption Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing web content.
CVE-2023-42917 Exploit Probability: 0.1% 		December 4, 2023
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing web content.
CVE-2023-42916 Exploit Probability: 0.0% 		December 4, 2023
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation.
CVE-2023-42824 Exploit Probability: 1.4% 		October 5, 2023
Apple Multiple Products WebKit Code Execution Vulnerability Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content.
CVE-2023-41993 Exploit Probability: 21.5% 		September 25, 2023

3 known exploited Apple vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Apple Vulnerabilities

Based on the current exploit probability, these Apple vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2023-41064 89.9% Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
2 CVE-2016-4655 82.3% Apple iOS Information Disclosure Vulnerability
3 CVE-2016-4657 78.4% Apple iOS Webkit Memory Corruption Vulnerability
4 CVE-2021-30657 76.3% Apple macOS Policy Subsystem Gatekeeper Bypass
5 CVE-2016-4656 73.3% Apple iOS Memory Corruption Vulnerability
6 CVE-2021-30860 69.5% Apple iOS "FORCEDENTRY" Remote Code Execution Vulnerability
7 CVE-2023-32434 68.6% Apple Multiple Products Integer Overflow Vulnerability
8 CVE-2014-4404 62.0% Apple OS X Heap-Based Buffer Overflow Vulnerability
9 CVE-2020-27930 47.2% Apple iOS and macOS FontParser Remote Code Execution Vulnerability
10 CVE-2020-27950 46.9% Apple iOS and macOS Kernel Memory Initialization Vulnerability

By the Year

In 2026 there have been 4 vulnerabilities in Apple with an average score of 5.2 out of ten. Last year, in 2025 Apple had 745 security vulnerabilities published. Right now, Apple is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 1.36




Year Vulnerabilities Average Score
2026 4 5.15
2025 745 6.51
2024 628 6.27
2023 513 6.72
2022 464 7.06
2021 603 6.99
2020 385 6.95
2019 548 7.42
2018 184 7.36

It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apple Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-46297 Jan 09, 2026
A permissions issue was addressed with additional restrictions A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected files within an App Sandbox container.
macOS
CVE-2025-46298 Jan 09, 2026
The issue was addressed with improved memory handling The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
tvOS
Safari
Ios And Ipados
And others...
CVE-2025-46299 Jan 09, 2026
A memory initialization issue was addressed with improved memory handling A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may disclose internal states of the app.
tvOS
Safari
Ios And Ipados
And others...
CVE-2025-46286 Jan 09, 2026
A logic issue was addressed with improved validation A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment.
Ios And Ipados
CVE-2025-43514 Dec 17, 2025
macOS Tahoe 26.2 Cache Access Vulnerability Allows App to Read Protected Data The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data.
macOS
CVE-2025-46278 Dec 17, 2025
macOS Tahoe 26.x Cache Flaw Allows App Data Leak The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data.
macOS
CVE-2025-46281 Dec 17, 2025
macOS Tahoe 26.2 Sandbox Escape Logic Issue A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox.
macOS
CVE-2025-46279 Dec 17, 2025
Apple iOS/watchOS: App ID Retrieval Privacy Issue Fixed in 18.7.3/26.2 A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. An app may be able to identify what other apps a user has installed.
iOS
iPadOS
macOS
And others...
CVE-2025-43535 Dec 17, 2025
Apple Safari 26.2 Crashes on Malicious Web Content (CVE-2025-43535) The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2025-46291 Dec 17, 2025
Apple macOS Tahoe 26.2 Gatekeeper Bypass via Logic Issue A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may bypass Gatekeeper checks.
macOS
CVE-2025-43533 Dec 17, 2025
Apple 26.2 OS: HID MEM Corrupt (Bad Input) Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. A malicious HID device may cause an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2025-43529 Dec 17, 2025
Apple iOS/macOS Use-After-Free in Safari (fixed 26.2) CAU leading to code exec A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
iOS
iPadOS
macOS
And others...
CVE-2025-43475 Dec 17, 2025
Apple iOS/iPadOS 26.2 Logging Redaction Flaw Disclosing Sensitive Data A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data.
iOS
iPadOS
Ios And Ipados
And others...
CVE-2025-43526 Dec 17, 2025
Safari <26.2: Web APIs via file: URL in Lockdown Mode This issue was addressed with improved URL validation. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted.
macOS
Safari
CVE-2025-46288 Dec 17, 2025
Apple OS Payment Token Access via Permission Flaw (v26.2) A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2, macOS Tahoe 26.2. An app may be able to access sensitive payment tokens.
iOS
iPadOS
macOS
And others...
CVE-2025-43531 Dec 17, 2025
Apple Safari race condition leads to crash from malicious content A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2025-46292 Dec 17, 2025
Apple iOS/iPadOS Privilege Escalation via Missing Entitlement Checks (<26.2/18.7.3) This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26.2 and iPadOS 26.2, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to access user-sensitive data.
iOS
iPadOS
Ios And Ipados
And others...
CVE-2025-43536 Dec 17, 2025
Use-After-Free in Apple Safari 26.2 causing crashes A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2025-46283 Dec 17, 2025
Apple macOS Tahoe 26.2 Validation Logic Issue Exposing Sensitive Data A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data.
macOS
CVE-2025-43428 Dec 17, 2025
Apple Photos Hidden Album View Without Auth Fixed in 26.2 A configuration issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Photos in the Hidden Photos Album may be viewed without authentication.
iOS
iPadOS
macOS
And others...
CVE-2025-43541 Dec 17, 2025
Apple Safari Type Confusion Crash (pre-26.2) A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
iOS
iPadOS
macOS
And others...
CVE-2025-43501 Dec 17, 2025
Apple Safari Buffer Overflow Fixed in 26.2 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2025-46282 Dec 17, 2025
MacOS & Safari 26.2 Sensitive Data Leak via Missing Permission Checks The issue was addressed with additional permissions checks. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. An app may be able to access sensitive user data.
macOS
Safari
CVE-2025-46277 Dec 17, 2025
macOS 26.2 Redaction Fix Prevents Safari History Leak A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2. An app may be able to access a users Safari history.
iOS
iPadOS
macOS
And others...
CVE-2025-43518 Dec 12, 2025
Apple macOS Spellcheck API File Access Escalation (Fixed 14.8.3/15.7.3) A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3. An app may be able to inappropriately access files through the spellcheck API.
iOS
iPadOS
macOS
And others...
CVE-2025-43522 Dec 12, 2025
macOS Sequoia 15.7.3 Downgrade Issue on Intel Macs Allows Data Access A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3. An app may be able to access user-sensitive data.
macOS
CVE-2025-43467 Dec 12, 2025
macOS Tahoe 26.1 Root Privilege Escalation via Improved Checks This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to gain root privileges.
macOS
CVE-2025-43471 Dec 12, 2025
macOS Tahoe 26.1: Vulnerability Allows App to Read Sensitive User Data The issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
macOS
CVE-2025-43406 Dec 12, 2025
macOS Tahoe 26.1: Access Control Logic Issue Allows App-sensitive Data Access A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
macOS
CVE-2025-43410 Dec 12, 2025
macOS Notes cache flaw: deleted notes expose via physical access The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.2, macOS Sonoma 14.8.2. An attacker with physical access may be able to view deleted notes.
macOS
CVE-2025-43538 Dec 12, 2025
macOS Sonoma 14.x log data redaction flaw exposes sensitive data A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. An app may be able to access sensitive user data.
iOS
iPadOS
macOS
And others...
CVE-2025-43539 Dec 12, 2025
macOS File Processing Memory Corruption (Fixed 14.8.3/15.7.3) The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing a file may lead to memory corruption.
iOS
iPadOS
macOS
And others...
CVE-2025-43542 Dec 12, 2025
macOS Sequoia 15.7.3: FaceTime Remote Control Reveals Password Fields This issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, visionOS 26.2. Password fields may be unintentionally revealed when remotely controlling a device over FaceTime.
iOS
iPadOS
macOS
And others...
CVE-2025-43470 Dec 12, 2025
macOS Tahoe 26.1 Permissions Issue: User Can View Admin Disk Image Files A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. A standard user may be able to view files made from a disk image belonging to an administrator.
macOS
CVE-2025-43523 Dec 12, 2025
Apple macOS Sequoia 15.7.3: Permissions Restriction Issue A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3. An app may be able to access sensitive user data.
macOS
CVE-2025-43466 Dec 12, 2025
OS command Injection flaw in macOS Tahoe 26.1 An injection issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
macOS
CVE-2025-43519 Dec 12, 2025
macOS Permission flaw allows app to access sensitive data (fixed 14.8.3) A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access sensitive user data.
macOS
Macos Sonoma
CVE-2025-43512 Dec 12, 2025
macOS PrivEsc: Logic Issue Fixed in 14.8.3/15.7.3 A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to elevate privileges.
iOS
iPadOS
macOS
And others...
CVE-2025-43416 Dec 12, 2025
macOS Data Access Flaw Sonoma 14.8.3 / Sequoia 15.7.3 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access protected user data.
macOS
Macos Sonoma
CVE-2025-43482 Dec 12, 2025
Apple macOS DoS via Input Validation Bug in Sonoma 14.8.3/Sequoia 15.7.3 The issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to cause a denial-of-service.
macOS
Macos Sonoma
CVE-2025-46287 Dec 12, 2025
macOS FaceTime Caller ID Spoof Before 14.8.3/15.7.3 An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An attacker may be able to spoof their FaceTime caller ID.
iOS
iPadOS
macOS
And others...
CVE-2025-43494 Dec 12, 2025
Apple Mail Header Parsing DoS in iOS/macOS/watchOS (26.1) A mail header parsing issue was addressed with improved checks. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. An attacker may be able to cause a persistent denial-of-service.
macOS
visionOS
watchOS
And others...
CVE-2025-43461 Dec 12, 2025
macOS Tahoe 26.1: Symlink Validation Flaw Allows App to Read Protected Data This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.
macOS
CVE-2025-43532 Dec 12, 2025
Memory Corruption via Bounds Check, macOS Sonoma 14.8.3 / Sequoia 15.7.3 A memory corruption issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing malicious data may lead to unexpected app termination.
iOS
iPadOS
macOS
And others...
CVE-2025-43437 Dec 12, 2025
Info Disclosure in Apple iOS 26.1/iPadOS 26.1 Allowing User Fingerprinting An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to fingerprint the user.
Ios And Ipados
iOS
CVE-2025-43509 Dec 12, 2025
macOS Sonoma 14/Sequoia 15 App Sensitive Data Leakage This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access sensitive user data.
macOS
Macos Sonoma
CVE-2025-43381 Dec 12, 2025
macOS Tahoe 26.1 Symlink Deletion Vulnerability This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to delete protected user data.
macOS
CVE-2025-43513 Dec 12, 2025
macOS 14.8.3/15.7.3: Permissions Flaw Exposes Location Info A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to read sensitive location information.
macOS
Macos Sonoma
CVE-2025-46285 Dec 12, 2025
Apple macOS Integer Overflow Root Escalation Fixed in 14.8.3/15.7.3 An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. An app may be able to gain root privileges.
iOS
iPadOS
macOS
And others...
CVE-2025-43506 Dec 12, 2025
macOS Tahoe 26.1 PrivRelay Activation Failure Multi-User (logic error) A logic error was addressed with improved error handling. This issue is fixed in macOS Tahoe 26.1. iCloud Private Relay may not activate when more than one user is logged in at the same time.
macOS
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.