Apple iOS The iOS Operating System used by iPhones.
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apple iOS.
Recent Apple iOS Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 125884 | iOS 26.2 and iPadOS 26.2 - Apple Security Content | December 12, 2025 |
| 125885 | iOS 18.7.3 and iPadOS 18.7.3 - Apple Security Content | December 12, 2025 |
| 125633 | iOS 18.7.2 and iPadOS 18.7.2 - Apple Security Content | November 5, 2025 |
| 125632 | iOS 26.1 and iPadOS 26.1 - Apple Security Content | November 3, 2025 |
| 125326 | iOS 26.0.1 and iPadOS 26.0.1 - Apple Security Content | September 29, 2025 |
| 125327 | iOS 18.7.1 and iPadOS 18.7.1 - Apple Security Content | September 29, 2025 |
| 125142 | iOS 15.8.5 and iPadOS 15.8.5 - Apple Security Content | September 15, 2025 |
| 125108 | iOS 26 and iPadOS 26 - Apple Security Content | September 15, 2025 |
| 125141 | iOS 16.7.12 and iPadOS 16.7.12 - Apple Security Content | September 15, 2025 |
| 125109 | iOS 18.7 and iPadOS 18.7 - Apple Security Content | September 15, 2025 |
Known Exploited Apple iOS Vulnerabilities
The following Apple iOS vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Apple iOS Type Confusion Vulnerability |
Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution. CVE-2022-42856 Exploit Probability: 0.3% |
December 14, 2022 |
| Apple iOS Information Disclosure Vulnerability |
The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. CVE-2016-4655 Exploit Probability: 82.3% |
May 24, 2022 |
| Apple iOS Memory Corruption Vulnerability |
A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service via a crafted application. CVE-2016-4656 Exploit Probability: 73.3% |
May 24, 2022 |
| Apple iOS Webkit Memory Corruption Vulnerability |
WebKit in Apple iOS contains a memory corruption vulnerability which allows attackers to execute remote code or cause a denial-of-service via a crafted web site. CVE-2016-4657 Exploit Probability: 78.4% |
May 24, 2022 |
| Apple iOS Memory Corruption Vulnerability |
Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution. CVE-2019-7287 Exploit Probability: 5.3% |
May 23, 2022 |
| Apple iOS "FORCEDENTRY" Remote Code Execution Vulnerability |
An integer overflow was addressed with improved input validation vulnerability affecting iOS devices that allows for remote code execution. CVE-2021-30860 Exploit Probability: 69.5% |
November 3, 2021 |
| Apple WebKit Browser Engine Use-After-Free Vulnerability |
Use after free issue. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30762 Exploit Probability: 0.0% |
November 3, 2021 |
| Apple iOS Privilege Escalation and Code Execution Chain |
A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1782 Exploit Probability: 7.9% |
November 3, 2021 |
| Apple iOS Privilege Escalation and Code Execution Chain |
A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1870 Exploit Probability: 1.2% |
November 3, 2021 |
| Apple iOS Privilege Escalation and Code Execution Chain |
A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1871 Exploit Probability: 0.9% |
November 3, 2021 |
| Apple iOS Webkit Browser Engine XSS |
Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1879 Exploit Probability: 1.5% |
November 3, 2021 |
| Apple iOS Webkit Storage Use-After-Free Remote Code Execution Vulnerability |
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30661 Exploit Probability: 0.2% |
November 3, 2021 |
| Apple iOS12.x Buffer Overflow |
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30666 Exploit Probability: 1.5% |
November 3, 2021 |
| Apple WebKit Browser Engine Memory Corruption Vulnerability |
Memory corruption issue. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30761 Exploit Probability: 0.4% |
November 3, 2021 |
The vulnerability CVE-2016-4655: Apple iOS Information Disclosure Vulnerability is in the top 1% of the currently known exploitable vulnerabilities. 3 known exploited Apple iOS vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Apple iOS EOL Dates
Ensure that you are using a supported version of Apple iOS. Here are some end of life, and end of support dates for Apple iOS.
| Release | EOL Date | Status |
|---|---|---|
| 26 | - |
Active
|
| 26 | - |
Active
|
| 18 | - |
Active
|
| 18 | - |
Active
|
| 17 | November 19, 2024 |
EOL
Apple iOS 17 became EOL in 2024 and supported ended in 2024 |
| 17 | November 19, 2024 |
EOL
Apple iOS 17 became EOL in 2024 and supported ended in 2024 |
| 16 | March 31, 2025 |
EOL
Apple iOS 16 became EOL in 2025 and supported ended in 2023 |
| 16 | March 31, 2025 |
EOL
Apple iOS 16 became EOL in 2025 and supported ended in 2023 |
| 15 | March 31, 2025 |
EOL
Apple iOS 15 became EOL in 2025 and supported ended in 2022 |
| 15 | March 31, 2025 |
EOL
Apple iOS 15 became EOL in 2025 and supported ended in 2022 |
| 14 | October 1, 2021 |
EOL
Apple iOS 14 became EOL in 2021 and supported ended in 2021 |
| 14 | October 1, 2021 |
EOL
Apple iOS 14 became EOL in 2021 and supported ended in 2021 |
| 13 | September 16, 2020 |
EOL
Apple iOS 13 became EOL in 2020 and supported ended in 2020 |
| 13 | September 16, 2020 |
EOL
Apple iOS 13 became EOL in 2020 and supported ended in 2020 |
| 12 | January 23, 2023 |
EOL
Apple iOS 12 became EOL in 2023 and supported ended in 2019 |
| 12 | January 23, 2023 |
EOL
Apple iOS 12 became EOL in 2023 and supported ended in 2019 |
| 11 | October 8, 2018 |
EOL
Apple iOS 11 became EOL in 2018 and supported ended in 2018 |
| 11 | October 8, 2018 |
EOL
Apple iOS 11 became EOL in 2018 and supported ended in 2018 |
| 10 | September 26, 2017 |
EOL
Apple iOS 10 became EOL in 2017 and supported ended in 2017 |
| 10 | September 26, 2017 |
EOL
Apple iOS 10 became EOL in 2017 and supported ended in 2017 |
By the Year
In 2026 there have been 0 vulnerabilities in Apple iOS. Last year, in 2025 iOS had 351 security vulnerabilities published. Right now, iOS is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 351 | 6.37 |
| 2024 | 325 | 6.15 |
| 2023 | 273 | 6.77 |
| 2022 | 244 | 7.09 |
| 2021 | 383 | 7.01 |
| 2020 | 252 | 7.09 |
| 2019 | 350 | 7.48 |
| 2018 | 100 | 7.39 |
It may take a day or so for new iOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple iOS Security Vulnerabilities
Apple iOS/watchOS: App ID Retrieval Privacy Issue Fixed in 18.7.3/26.2
CVE-2025-46279
9.8 - Critical
- December 17, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. An app may be able to identify what other apps a user has installed.
Information Disclosure
Apple Safari 26.2 Crashes on Malicious Web Content (CVE-2025-43535)
CVE-2025-43535
4.3 - Medium
- December 17, 2025
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Apple 26.2 OS: HID MEM Corrupt (Bad Input)
CVE-2025-43533
3.5 - Low
- December 17, 2025
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. A malicious HID device may cause an unexpected process crash.
Improper Input Validation
Apple iOS/macOS Use-After-Free in Safari (fixed 26.2) CAU leading to code exec
CVE-2025-43529
8.8 - High
- December 17, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
Dangling pointer
Apple iOS/iPadOS 26.2 Logging Redaction Flaw Disclosing Sensitive Data
CVE-2025-43475
5.5 - Medium
- December 17, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data.
Insertion of Sensitive Information into Log File
Apple OS Payment Token Access via Permission Flaw (v26.2)
CVE-2025-46288
5.5 - Medium
- December 17, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2, macOS Tahoe 26.2. An app may be able to access sensitive payment tokens.
Authorization
Apple Safari race condition leads to crash from malicious content
CVE-2025-43531
3.1 - Low
- December 17, 2025
A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Race Condition
Apple iOS/iPadOS Privilege Escalation via Missing Entitlement Checks (<26.2/18.7.3)
CVE-2025-46292
5.5 - Medium
- December 17, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26.2 and iPadOS 26.2, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to access user-sensitive data.
Authorization
Use-After-Free in Apple Safari 26.2 causing crashes
CVE-2025-43536
4.3 - Medium
- December 17, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Dangling pointer
Apple Photos Hidden Album View Without Auth Fixed in 26.2
CVE-2025-43428
9.8 - Critical
- December 17, 2025
A configuration issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Photos in the Hidden Photos Album may be viewed without authentication.
Missing Authentication for Critical Function
Apple Safari Type Confusion Crash (pre-26.2)
CVE-2025-43541
4.3 - Medium
- December 17, 2025
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Object Type Confusion
Apple Safari Buffer Overflow Fixed in 26.2
CVE-2025-43501
4.3 - Medium
- December 17, 2025
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Classic Buffer Overflow
macOS 26.2 Redaction Fix Prevents Safari History Leak
CVE-2025-46277
5.5 - Medium
- December 17, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2. An app may be able to access a users Safari history.
Insertion of Sensitive Information into Log File
Apple macOS Spellcheck API File Access Escalation (Fixed 14.8.3/15.7.3)
CVE-2025-43518
3.3 - Low
- December 12, 2025
A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3. An app may be able to inappropriately access files through the spellcheck API.
Authorization
macOS Sonoma 14.x log data redaction flaw exposes sensitive data
CVE-2025-43538
- December 12, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. An app may be able to access sensitive user data.
Insertion of Sensitive Information into Log File
macOS File Processing Memory Corruption (Fixed 14.8.3/15.7.3)
CVE-2025-43539
8.8 - High
- December 12, 2025
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing a file may lead to memory corruption.
Buffer Overflow
macOS Sequoia 15.7.3: FaceTime Remote Control Reveals Password Fields
CVE-2025-43542
7.5 - High
- December 12, 2025
This issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, visionOS 26.2. Password fields may be unintentionally revealed when remotely controlling a device over FaceTime.
Information Disclosure
macOS PrivEsc: Logic Issue Fixed in 14.8.3/15.7.3
CVE-2025-43512
7.8 - High
- December 12, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to elevate privileges.
Improper Privilege Management
macOS FaceTime Caller ID Spoof Before 14.8.3/15.7.3
CVE-2025-46287
9.8 - Critical
- December 12, 2025
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An attacker may be able to spoof their FaceTime caller ID.
User Interface (UI) Misrepresentation of Critical Information
Memory Corruption via Bounds Check, macOS Sonoma 14.8.3 / Sequoia 15.7.3
CVE-2025-43532
2.8 - Low
- December 12, 2025
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing malicious data may lead to unexpected app termination.
Classic Buffer Overflow
Info Disclosure in Apple iOS 26.1/iPadOS 26.1 Allowing User Fingerprinting
CVE-2025-43437
3.3 - Low
- December 12, 2025
An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to fingerprint the user.
Information Disclosure
Apple macOS Integer Overflow Root Escalation Fixed in 14.8.3/15.7.3
CVE-2025-46285
7.8 - High
- December 12, 2025
An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. An app may be able to gain root privileges.
Integer Overflow or Wraparound
Apple macOS Sonoma/Sequoia Sensitive Data Access CVE202543530
CVE-2025-43530
5.5 - Medium
- December 12, 2025
This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to access sensitive user data.
Information Disclosure
Use-After-Free Crash via Web Content in iOS+iPadOS (fixed in 18.7.2)
CVE-2025-43511
6.5 - Medium
- December 12, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Dangling pointer
macOS Info-Disclosure via Privacy Controls (Sonoma<14.8.3/Sequoia<15.7.3)
CVE-2025-46276
3.3 - Low
- December 12, 2025
An information disclosure issue was addressed with improved privacy controls. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An app may be able to access sensitive user data.
Out-of-Bounds in ANGLE, Google Chrome <143.0.7499.110, Mac
CVE-2025-14174
8.8 - High
- December 12, 2025
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Buffer Overflow
Apple iOS/iPadOS WiFi Profile Override (fixed in 18.5)
CVE-2025-31216
2.4 - Low
- November 21, 2025
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to override managed Wi-Fi profiles.
Authorization
Apple OS Kernel OOB Read via Bounds Check - Fixed in iOS 18.5
CVE-2025-43374
4.3 - Medium
- November 21, 2025
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, macOS Sequoia 15.5, watchOS 11.5. An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory.
Stack Overflow
OOB Access in watchOS tvOS visionOS iOS iPadOS Before 11.4/18.4 Bypass ASLR
CVE-2025-43205
4 - Medium
- November 12, 2025
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in watchOS 11.4, tvOS 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass ASLR.
Out-of-bounds Read
Apple iOS/iPadOS Locked Device Options Exposure CVE-2025-43418 Fixed 18.7.2
CVE-2025-43418
4.6 - Medium
- November 05, 2025
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An attacker with physical access to a locked device may be able to view sensitive user information.
Authorization
iOS 26 DoS: Unprivileged process can terminate root procs
CVE-2025-43365
2.8 - Low
- November 04, 2025
A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An unprivileged process may be able to terminate a root processes.
Improper Input Validation
Apple Safari 26.1: Web Content Crash Vulnerability
CVE-2025-43430
4.3 - Medium
- November 04, 2025
This issue was addressed through improved state management. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Improper Input Validation
iOS/iPadOS 26.1 Data Redaction Logging Bug Exposes Sensitive User Data
CVE-2025-43426
5.5 - Medium
- November 04, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1. An app may be able to access sensitive user data.
Insertion of Sensitive Information into Log File
Apple OSs: watchOS 26.1/iOS 26.1/iPadOS 26.1/visionOS 26.1 Memory Leak/Kernel Corruption
CVE-2025-43447
5.5 - Medium
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.1 and iPadOS 26.1, watchOS 26.1, macOS Tahoe 26.1, visionOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
Buffer Overflow
Apple iOS 26.1: Privacy Preference Bypass via Sensitive Data Leak
CVE-2025-43502
7.5 - High
- November 04, 2025
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, Safari 26.1. An app may be able to bypass certain Privacy preferences.
Authorization
Apple iOS OOB Access via Malicious Media (fixed 26.1)
CVE-2025-43386
7.1 - High
- November 04, 2025
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Out-of-bounds Read
Apple OS Sensitive Data Access Vulnerability (CVE-2025-43345)
CVE-2025-43345
5.5 - Medium
- November 04, 2025
A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7, visionOS 26, iOS 18.7 and iPadOS 18.7. An app may be able to access sensitive user data.
Information Disclosure
Apple Safari 26.1 Address Bar Spoofing (CVE-2025-43493)
CVE-2025-43493
4.3 - Medium
- November 04, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Visiting a malicious website may lead to address bar spoofing.
Authentication Bypass by Spoofing
Apple OS UI Spoofing (before 26.1)
CVE-2025-43503
4.3 - Medium
- November 04, 2025
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Visiting a malicious website may lead to user interface spoofing.
Authentication Bypass by Spoofing
iOS Camera View Info Leak Before Camera Access < 26.1
CVE-2025-43450
7.5 - High
- November 04, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to learn information about the current camera view before being granted camera access.
Authorization
Apple iOS/iPadOS/macOS Temp File Privacy Bug (Fixed in 26.1 / 14.8.2)
CVE-2025-43391
5.5 - Medium
- November 04, 2025
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2, iOS 26.1 and iPadOS 26.1. An app may be able to access sensitive user data.
Information Disclosure
iOS LockScreen Notification Exposure CVE-2025-43309
CVE-2025-43309
2.4 - Low
- November 04, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.
Authorization
Sandbox Escape in Apple OS via Entitlement Issue (pre-26.1)
CVE-2025-43407
7.8 - High
- November 04, 2025
This issue was addressed with improved entitlements. This issue is fixed in tvOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to break out of its sandbox.
Authorization
Apple Safari 26.1 unexpected crash via crafted web content
CVE-2025-43427
4.3 - Medium
- November 04, 2025
This issue was addressed through improved state management. This issue is fixed in tvOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Improper Input Validation
Safari/iOS memory corruption via web content, fixed v26.1
CVE-2025-43431
8.8 - High
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to memory corruption.
Buffer Overflow
Apple OS Symlink Validation Flaw Allows Data Access (pre-26.1)
CVE-2025-43379
5.5 - Medium
- November 04, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to access protected user data.
insecure temporary file
Safari UA-FREE Crash before 26.1 on iOS/iPadOS/watchOS, visionOS
CVE-2025-43457
6.5 - Medium
- November 04, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Dangling pointer
Apple Safari CVE-2025-43441: Mem Crash (<=26.0), Fixed 26.1
CVE-2025-43441
4.3 - Medium
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple macOS/iOS Media Parser OOB Issue (CVE-2025-43338)
CVE-2025-43338
7.1 - High
- November 04, 2025
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26, macOS Sonoma 14.8.2. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
XSS
Apple OS 26.1 App Enumeration Permission Escalation
CVE-2025-43436
7.5 - High
- November 04, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to enumerate a user's installed apps.
Authentication Bypass Using an Alternate Path or Channel
