Apple macOS Macintosh Operating System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apple macOS.
Recent Apple macOS Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 126348 | macOS Tahoe 26.3 - Apple Security Content | February 11, 2026 |
| 126349 | macOS Sequoia 15.7.4 - Apple Security Content | February 11, 2026 |
| 126350 | macOS Sonoma 14.8.4 - Apple Security Content | February 11, 2026 |
| 125887 | macOS Sequoia 15.7.3 - Apple Security Content | December 12, 2025 |
| 125886 | macOS Tahoe 26.2 - Apple Security Content | December 12, 2025 |
| 125888 | macOS Sonoma 14.8.3 - Apple Security Content | December 12, 2025 |
| 125634 | macOS Tahoe 26.1 - Apple Security Content | November 3, 2025 |
| 125636 | macOS Sonoma 14.8.2 - Apple Security Content | November 3, 2025 |
| 125635 | macOS Sequoia 15.7.2 - Apple Security Content | November 3, 2025 |
| 125329 | macOS Sequoia 15.7.1 - Apple Security Content | September 29, 2025 |
Known Exploited Apple macOS Vulnerabilities
The following Apple macOS vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Apple macOS Use-After-Free Vulnerability |
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. CVE-2019-8526 Exploit Probability: 0.5% |
April 17, 2023 |
| Apple macOS Out-of-Bounds Write Vulnerability |
macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. CVE-2022-22675 Exploit Probability: 1.0% |
April 4, 2022 |
| Apple macOS Out-of-Bounds Read Vulnerability |
macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. CVE-2022-22674 Exploit Probability: 0.2% |
April 4, 2022 |
| Apple macOS Input Validation Error |
A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30713 Exploit Probability: 0.1% |
November 3, 2021 |
| Apple macOS Policy Subsystem Gatekeeper Bypass |
A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30657 Exploit Probability: 76.3% |
November 3, 2021 |
The vulnerability CVE-2021-30657: Apple macOS Policy Subsystem Gatekeeper Bypass is in the top 5% of the currently known exploitable vulnerabilities.
Apple macOS EOL Dates
Ensure that you are using a supported version of Apple macOS. Here are some end of life, and end of support dates for Apple macOS.
| Release | EOL Date | Status |
|---|---|---|
| 26 | - |
Active
|
| 15 | - |
Active
|
| 14 | - |
Active
|
| 13 | September 15, 2025 |
EOL
Apple macOS 13 became EOL in 2025. |
| 12 | September 16, 2024 |
EOL
Apple macOS 12 became EOL in 2024. |
| 11 | September 26, 2023 |
EOL
Apple macOS 11 became EOL in 2023. |
| 10.15 | September 12, 2022 |
EOL
Apple macOS 10.15 became EOL in 2022. |
| 10.14 | October 25, 2021 |
EOL
Apple macOS 10.14 became EOL in 2021. |
| 10.13 | December 1, 2020 |
EOL
Apple macOS 10.13 became EOL in 2020. |
| 10.12 | October 1, 2019 |
EOL
Apple macOS 10.12 became EOL in 2019. |
| 10.11 | December 1, 2018 |
EOL
Apple macOS 10.11 became EOL in 2018. |
| 10.9 | December 1, 2016 |
EOL
Apple macOS 10.9 became EOL in 2016. |
| 10.8 | August 13, 2015 |
EOL
Apple macOS 10.8 became EOL in 2015. |
| 10.7 | October 4, 2012 |
EOL
Apple macOS 10.7 became EOL in 2012. |
| 10.6 | July 25, 2011 |
EOL
Apple macOS 10.6 became EOL in 2011. |
| 10.5 | August 13, 2009 |
EOL
Apple macOS 10.5 became EOL in 2009. |
| 10.4 | November 14, 2007 |
EOL
Apple macOS 10.4 became EOL in 2007. |
| 10.3 | April 15, 2005 |
EOL
Apple macOS 10.3 became EOL in 2005. |
| 10.2 | October 3, 2003 |
EOL
Apple macOS 10.2 became EOL in 2003. |
| 10.1 | June 6, 2002 |
EOL
Apple macOS 10.1 became EOL in 2002. |
By the Year
In 2026 there have been 71 vulnerabilities in Apple macOS with an average score of 5.9 out of ten. Last year, in 2025 macOS had 667 security vulnerabilities published. Right now, macOS is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.76
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 71 | 5.86 |
| 2025 | 667 | 6.62 |
| 2024 | 536 | 6.39 |
| 2023 | 426 | 6.75 |
| 2022 | 381 | 7.10 |
| 2021 | 500 | 7.01 |
| 2020 | 342 | 7.27 |
| 2019 | 305 | 7.65 |
| 2018 | 89 | 7.25 |
It may take a day or so for new macOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple macOS Security Vulnerabilities
macOS Tahoe 26.3 Fix: Temp File Privacy Leak
CVE-2026-20629
- February 11, 2026
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.
Safari DoS via Improper Memory Handling (pre-26.3)
CVE-2026-20652
7.5 - High
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote attacker may be able to cause a denial-of-service.
Resource Exhaustion
Apple Safari 26.3 WebKit crash via memory handling flaw
CVE-2026-20644
6.5 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
macOS Crash via Improper Memory Handling Fixed in Sequoia 15.7.4
CVE-2026-20605
4.6 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to crash a system process.
Buffer Overflow
Apple macOS Sequoia 15.7.4: Directory Path Parsing Issue
CVE-2026-20625
5.5 - Medium
- February 11, 2026
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to access sensitive user data.
Directory traversal
macOS Tahoe 26.3: Notification Privacy Leak via iCloud Device Access
CVE-2026-20648
5.5 - Medium
- February 11, 2026
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices.
Information Disclosure
Apple OS DoS via Malicious File Handling (fixed in 26.3, 14.8.4, 15.7.4, 18.7.5)
CVE-2026-20609
4.4 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.
Out-of-bounds Read
Safari Crash via Malicious Web Content Fixed in 26.3
CVE-2026-20608
5.5 - Medium
- February 11, 2026
This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Allocation of Resources Without Limits or Throttling
Apple OS Logging Leak Fixed in 26.3
CVE-2026-20649
5.5 - Medium
- February 11, 2026
A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.3, iOS 26.3 and iPadOS 26.3, tvOS 26.3, macOS Tahoe 26.3. A user may be able to view sensitive user information.
Insecure Temporary File
macOS injection flaw fixed in Sequoia 15.7.4, Tahoe 26.3, Sonoma 14.8.4
CVE-2026-20624
5.5 - Medium
- February 11, 2026
An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to access sensitive user data.
AuthZ
Apple macOS/iOS Logic Issue Fixed 15.7.4/18.7.5/26.3/14.8.4
CVE-2026-20673
5.3 - Medium
- February 11, 2026
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. Turning off "Load remote content in messages may not apply to all mail previews.
macOS Sequoia 15.7.4 & Sonoma 14.8.4: Root Can Delete Protected Files
CVE-2025-46310
6 - Medium
- February 11, 2026
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An attacker with root privileges may be able to delete protected system files.
Improper Privilege Management
Directory Path Parsing Issue - Apple OS (pre-26.3,14.8.4,15.7.4,18.7.5)
CVE-2026-20653
5.5 - Medium
- February 11, 2026
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.
Directory traversal
Apple OS 26.3: Memory Corruption CVE-2026-20700 Fixed
CVE-2026-20700
7.8 - High
- February 11, 2026
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.
Buffer Overflow
Apple macOS Privacy Leak: App Reading Sensitive Data (Fixed 15.7.4/14.8.4/26.3)
CVE-2026-20612
5.5 - Medium
- February 11, 2026
A privacy issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to access sensitive user data.
Information Disclosure
macOS Tahoe <26.3 path validation flaw allows data leakage
CVE-2026-20669
5.5 - Medium
- February 11, 2026
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.
Directory traversal
Apple OS Sandbox Escape via Permission Issue before 15.7.4
CVE-2026-20628
7.1 - High
- February 11, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox.
Authorization
macOS Tahoe 26.3: Permissions Bug-App Unauthorized Access
CVE-2026-20623
5.5 - Medium
- February 11, 2026
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.
Information Disclosure
Safari memory handling crash (CVE-2026-20635)
CVE-2026-20635
4.3 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple macOS Sequoia 15.7.4 & Tahoe 26.3 Auth Issue via Physical Access
CVE-2026-20662
4.6 - Medium
- February 11, 2026
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.
Information Disclosure
Apple macOS HID Bounds Check Crash (before 15.7.4)
CVE-2025-46301
5.7 - Medium
- February 11, 2026
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.
Buffer Overflow
macOS Sequoia/Tahoe Logging Redaction Flaw fixed in 15.7.4 / 26.3
CVE-2026-20619
5.5 - Medium
- February 11, 2026
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.
Information Disclosure
macOS Tahoe 26.3 RCE via Package Validation Flaw
CVE-2026-20658
7.8 - High
- February 11, 2026
A package validation issue was addressed by blocking the vulnerable package. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.
Privacy fix: improved data redaction in macOS Tahoe 26.3
CVE-2026-20681
3.3 - Low
- February 11, 2026
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts.
Information Disclosure
Root Priv Escalation via Path Handling in Apple iOS 26.3
CVE-2026-20615
7.8 - High
- February 11, 2026
A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to gain root privileges.
Directory traversal
Apple OS 26.3 Memory Handling Fix Prevents App-Induced System Termination
CVE-2026-20654
5.5 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to cause unexpected system termination.
Buffer Overflow
macOS 26.3: Sensitive Info Disclosure via Root App Redaction Issue
CVE-2026-20603
4.4 - Medium
- February 11, 2026
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26.3. An app with root privileges may be able to access private information.
Authorization
Apple macOS DoS via Cache Mishandling (fixed macOS 14.8.4/15.7.4/26.3)
CVE-2026-20602
- February 11, 2026
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to cause a denial-of-service.
macOS Root Priv Escalation via Path Handle (14.8.3/15.7.3/26.2)
CVE-2026-20614
7.8 - High
- February 11, 2026
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to gain root privileges.
Directory traversal
Apple macOS/iOS Sandbox Data Leak prior to 26.3/18.7.5
CVE-2026-20680
- February 11, 2026
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. A sandboxed app may be able to access sensitive user data.
macOS Sequoia & Sonoma Remote DoS via Logic Issue Fixed in 15.7.4/14.8.4
CVE-2025-46290
7.5 - High
- February 11, 2026
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. A remote attacker may be able to cause a denial-of-service.
Improper Check or Handling of Exceptional Conditions
macOS Tahoe Temporary File Handling Flaw Exposes Sensitive Data (26.2)
CVE-2026-20618
- February 11, 2026
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.
Apple macOS Sonoma path handling flaw pre-14.8.4
CVE-2025-43417
5.5 - Medium
- February 11, 2026
A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. An app may be able to access user-sensitive data.
Directory traversal
Apple HID Bound-Check Crash (macOS/iOS) before 15.7.4/18.7.5
CVE-2025-46300
5.7 - Medium
- February 11, 2026
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.
Buffer Overflow
Apple OS Image Parser Memory Disclosure (before 18.7.5/26.3)
CVE-2026-20634
5.5 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.
Apple OS Image Disclosure Pre 26.3
CVE-2026-20675
5.5 - Medium
- February 11, 2026
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted image may lead to disclosure of user information.
Out-of-bounds Read
Apple macOS/iOS HID bounds check flaw process crash (CVE-2025-46303)
CVE-2025-46303
5.7 - Medium
- February 11, 2026
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.
Buffer Overflow
Apple macOS/iOS Kernel Mem Corrupt (pre-26.3/18.7.5)
CVE-2026-20621
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to cause unexpected system termination or corrupt kernel memory.
Apple macOS/iOS path handling flaw enabling arbitrary file write (pre-26.3)
CVE-2026-20660
5.5 - Medium
- February 11, 2026
A path handling issue was addressed with improved logic. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote user may be able to write arbitrary files.
Directory traversal
Safari Web Extension Tracking Flaw Fixed in 26.3
CVE-2026-20676
- February 11, 2026
This issue was addressed through improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.
Apple macOS Tahoe 26.3 Addresses Keystroke Monitoring Permissions Issue
CVE-2026-20601
- February 11, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission.
Apple iOS Safari History Leak before 18.7.5 (CVE202620656)
CVE-2026-20656
- February 11, 2026
A logic issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, Safari 26.3, macOS Tahoe 26.3. An app may be able to access a user's Safari history.
Root via race condition on Apple OS v26.3
CVE-2026-20617
7 - High
- February 11, 2026
A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to gain root privileges.
Race Condition
Out-of-Bounds Write in USD File Parser Fixed in iOS 18.7.5 / macOS 14.8.4
CVE-2026-20616
6.5 - Medium
- February 11, 2026
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termination.
Memory Corruption
Apple OS App-Discovery Priv. Bypass (watchOS 26.3 / tvOS 26.3 / macOS 15.7.4 / iOS 18.7.5)
CVE-2026-20641
7.1 - High
- February 11, 2026
A privacy issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to identify what other apps a user has installed.
Information Disclosure
macOS Sandboxing Bypass via Symbolic Link Race (pre-26.3/14.8.4/18.7.5)
CVE-2026-20677
- February 11, 2026
A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. A shortcut may be able to bypass sandbox restrictions.
macOS Sequoia 15.7.4 / Sonoma 14.8.4 Auth Issue Fix
CVE-2025-43403
5.5 - Medium
- February 11, 2026
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An app may be able to access sensitive user data.
AuthZ
macOS OOB read in kernel (Sequoia/Tahoe/Sonoma 15.7.4/26.3/14.8.4)
CVE-2026-20620
7.7 - High
- February 11, 2026
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An attacker may be able to cause unexpected system termination or read kernel memory.
Out-of-bounds Read
Apple Safari WebKit memory bug causes crashes before iOS 26.3
CVE-2026-20636
6.5 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple macOS/HID crash fixed in Sequoia 15.7.4, iOS 18.7.5
CVE-2025-46302
5.7 - Medium
- February 11, 2026
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.
Buffer Overflow
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apple macOS or by Apple? Click the Watch button to subscribe.
