Apple macOS Sonoma


Recent Apple macOS Sonoma Security Advisories

| Advisory | Title | Published |
|---|---|---|
| 126350 | macOS Sonoma 14.8.4 - Apple Security Content | February 11, 2026 |
| 125888 | macOS Sonoma 14.8.3 - Apple Security Content | December 12, 2025 |
| 125636 | macOS Sonoma 14.8.2 - Apple Security Content | November 3, 2025 |
| 125330 | macOS Sonoma 14.8.1 - Apple Security Content | September 29, 2025 |
| 125112 | macOS Sonoma 14.8 - Apple Security Content | September 15, 2025 |
| 124928 | macOS Sonoma 14.7.8 - Apple Security Content | August 20, 2025 |
| 124150 | macOS Sonoma 14.7.7 - Apple Security Content | July 29, 2025 |
| 122717 | macOS Sonoma 14.7.6 - Apple Security Content | May 12, 2025 |
| 122374 | macOS Sonoma 14.7.5 - Apple Security Content | March 31, 2025 |
| 122901 | macOS Sonoma 14.7.4 - Apple Security Content | February 10, 2025 |

By the Year

In 2026 there have been 36 vulnerabilities in Apple macOS Sonoma, with an average score of 5.9 out of ten. Last year, in 2025, macOS Sonoma had 109 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in macOS Sonoma in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.09.




| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 36 | 5.91 |
| 2025 | 109 | 6.00 |
| 2024 | 5 | 6.88 |
| 2023 | 1 | 10.00 |

It may take a day or so for new macOS Sonoma vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Apple macOS Sonoma Security Vulnerabilities

macOS Crash via Improper Memory Handling Fixed in Sequoia 15.7.4
CVE-2026-20605 4.6 - Medium - February 11, 2026

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to crash a system process.

Buffer Overflow

Apple macOS Sequoia 15.7.4: Directory Path Parsing Issue
CVE-2026-20625 5.5 - Medium - February 11, 2026

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to access sensitive user data.

Directory traversal

Apple OS DoS via Malicious File Handling (fixed in 26.3, 14.8.4, 15.7.4, 18.7.5)
CVE-2026-20609 4.4 - Medium - February 11, 2026

The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.

Out-of-bounds Read

macOS injection flaw fixed in Sequoia 15.7.4, Tahoe 26.3, Sonoma 14.8.4
CVE-2026-20624 5.5 - Medium - February 11, 2026

An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to access sensitive user data.

AuthZ

Apple macOS/iOS Logic Issue Fixed 15.7.4/18.7.5/26.3/14.8.4
CVE-2026-20673 5.3 - Medium - February 11, 2026

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. Turning off "Load remote content in messages" may not apply to all mail previews.

macOS Sequoia 15.7.4 & Sonoma 14.8.4: Root Can Delete Protected Files
CVE-2025-46310 6 - Medium - February 11, 2026

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An attacker with root privileges may be able to delete protected system files.

Improper Privilege Management

Directory Path Parsing Issue - Apple OS (pre-26.3,14.8.4,15.7.4,18.7.5)
CVE-2026-20653 5.5 - Medium - February 11, 2026

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.

Directory traversal

Apple macOS Privacy Leak: App Reading Sensitive Data (Fixed 15.7.4/14.8.4/26.3)
CVE-2026-20612 5.5 - Medium - February 11, 2026

A privacy issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to access sensitive user data.

Information Disclosure

Apple OS Sandbox Escape via Permission Issue before 15.7.4
CVE-2026-20628 7.1 - High - February 11, 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox.

Authorization

Apple macOS HID Bounds Check Crash (before 15.7.4)
CVE-2025-46301 5.7 - Medium - February 11, 2026

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.

Buffer Overflow

Root Priv Escalation via Path Handling in Apple iOS 26.3
CVE-2026-20615 - February 11, 2026

A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to gain root privileges.

Apple macOS DoS via Cache Mishandling (fixed macOS 14.8.4/15.7.4/26.3)
CVE-2026-20602 - February 11, 2026

The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to cause a denial-of-service.

macOS Root Priv Escalation via Path Handle (14.8.3/15.7.3/26.2)
CVE-2026-20614 - February 11, 2026

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to gain root privileges.

Apple macOS/iOS Sandbox Data Leak prior to 26.3/18.7.5
CVE-2026-20680 - February 11, 2026

The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. A sandboxed app may be able to access sensitive user data.

macOS Sequoia & Sonoma Remote DoS via Logic Issue Fixed in 15.7.4/14.8.4
CVE-2025-46290 7.5 - High - February 11, 2026

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. A remote attacker may be able to cause a denial-of-service.

Improper Check or Handling of Exceptional Conditions

Apple macOS Sonoma path handling flaw pre-14.8.4
CVE-2025-43417 5.5 - Medium - February 11, 2026

A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. An app may be able to access user-sensitive data.

Directory traversal

Apple HID Bound-Check Crash (macOS/iOS) before 15.7.4/18.7.5
CVE-2025-46300 5.7 - Medium - February 11, 2026

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.

Buffer Overflow

Apple OS Image Parser Memory Disclosure (before 18.7.5/26.3)
CVE-2026-20634 5.5 - Medium - February 11, 2026

The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.

Apple OS Image Disclosure Pre 26.3
CVE-2026-20675 5.5 - Medium - February 11, 2026

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted image may lead to disclosure of user information.

Out-of-bounds Read

Apple macOS/iOS HID bounds check flaw process crash (CVE-2025-46303)
CVE-2025-46303 5.7 - Medium - February 11, 2026

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.

Buffer Overflow

Apple macOS/iOS path handling flaw enabling arbitrary file write (pre-26.3)
CVE-2026-20660 5.5 - Medium - February 11, 2026

A path handling issue was addressed with improved logic. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote user may be able to write arbitrary files.

Directory traversal

Apple macOS/iOS Kernel Mem Corrupt (pre-26.3/18.7.5)
CVE-2026-20621 - February 11, 2026

The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to cause unexpected system termination or corrupt kernel memory.

Root via race condition on Apple OS v26.3
CVE-2026-20617 - February 11, 2026

A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to gain root privileges.

Out-of-Bounds Write in USD File Parser Fixed in iOS 18.7.5 / macOS 14.8.4
CVE-2026-20616 6.5 - Medium - February 11, 2026

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termination.

Memory Corruption

Apple OS App-Discovery Priv. Bypass (watchOS 26.3 / tvOS 26.3 / macOS 15.7.4 / iOS 18.7.5)
CVE-2026-20641 7.1 - High - February 11, 2026

A privacy issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to identify what other apps a user has installed.

Information Disclosure

macOS Sandboxing Bypass via Symbolic Link Race (pre-26.3/14.8.4/18.7.5)
CVE-2026-20677 - February 11, 2026

A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. A shortcut may be able to bypass sandbox restrictions.

macOS Sequoia 15.7.4 / Sonoma 14.8.4 Auth Issue Fix
CVE-2025-43403 5.5 - Medium - February 11, 2026

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An app may be able to access sensitive user data.

AuthZ

macOS OOB read in kernel (Sequoia/Tahoe/Sonoma 15.7.4/26.3/14.8.4)
CVE-2026-20620 7.7 - High - February 11, 2026

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An attacker may be able to cause unexpected system termination or read kernel memory.

Out-of-bounds Read

Apple macOS/HID crash fixed in Sequoia 15.7.4, iOS 18.7.5
CVE-2025-46302 5.7 - Medium - February 11, 2026

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.

Buffer Overflow

Apple OS Media OOB Crash, fixed v26.3/14.8.4/15.7.4
CVE-2026-20611 7.1 - High - February 11, 2026

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Out-of-bounds Read

Apple macOS SEQUOIA 15.7.4 / SONOMA 14.8.4 HID Crash via Bounds Check
CVE-2025-46305 5.7 - Medium - February 11, 2026

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.

Buffer Overflow

Apple OS Env Var Validation Flaw before 26.3
CVE-2026-20627 5.5 - Medium - February 11, 2026

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.

Improper Input Validation

Apple OS network logic flaw allows traffic interception (fixed 26.3 & 14.8.4)
CVE-2026-20671 3.1 - Low - February 11, 2026

A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileged network position may be able to intercept network traffic.

Apple macOS/iOS HID bounds check crash (CVE-2025-46304)
CVE-2025-46304 5.7 - Medium - February 11, 2026

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.

Resource Exhaustion

Sandbox Bypass Logic Issue fixed in Apple OS 26.3
CVE-2026-20667 8.8 - High - February 11, 2026

A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox.

Protection Mechanism Failure

App bypasses Privacy prefs in macOS 26.3 & iOS 18.7.5, fixed by removing code
CVE-2026-20606 7.1 - High - February 11, 2026

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to bypass certain Privacy preferences.

Information Disclosure

Apple 26.2 OS: HID MEM Corrupt (Bad Input)
CVE-2025-43533 3.5 - Low - December 17, 2025

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. A malicious HID device may cause an unexpected process crash.

Improper Input Validation

Apple macOS Tahoe 26.2 Validation Logic Issue Exposing Sensitive Data
CVE-2025-46283 5.5 - Medium - December 17, 2025

A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data.

Information Disclosure

Apple macOS Spellcheck API File Access Escalation (Fixed 14.8.3/15.7.3)
CVE-2025-43518 3.3 - Low - December 12, 2025

A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3. An app may be able to inappropriately access files through the spellcheck API.

Authorization

macOS Sonoma 14.x log data redaction flaw exposes sensitive data
CVE-2025-43538 - December 12, 2025

A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. An app may be able to access sensitive user data.

Insertion of Sensitive Information into Log File

macOS File Processing Memory Corruption (Fixed 14.8.3/15.7.3)
CVE-2025-43539 8.8 - High - December 12, 2025

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing a file may lead to memory corruption.

Buffer Overflow

macOS Permission flaw allows app to access sensitive data (fixed 14.8.3)
CVE-2025-43519 7.5 - High - December 12, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access sensitive user data.

Incorrect Default Permissions

macOS PrivEsc: Logic Issue Fixed in 14.8.3/15.7.3
CVE-2025-43512 7.8 - High - December 12, 2025

A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to elevate privileges.

Improper Privilege Management

macOS Data Access Flaw Sonoma 14.8.3 / Sequoia 15.7.3
CVE-2025-43416 9.8 - Critical - December 12, 2025

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access protected user data.

Authorization

Apple macOS DoS via Input Validation Bug in Sonoma 14.8.3/Sequoia 15.7.3
CVE-2025-43482 5.5 - Medium - December 12, 2025

The issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to cause a denial-of-service.

Improper Input Validation

macOS FaceTime Caller ID Spoof Before 14.8.3/15.7.3
CVE-2025-46287 9.8 - Critical - December 12, 2025

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An attacker may be able to spoof their FaceTime caller ID.

User Interface (UI) Misrepresentation of Critical Information

Memory Corruption via Bounds Check, macOS Sonoma 14.8.3 / Sequoia 15.7.3
CVE-2025-43532 2.8 - Low - December 12, 2025

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing malicious data may lead to unexpected app termination.

Classic Buffer Overflow

macOS Sonoma 14/Sequoia 15 App Sensitive Data Leakage
CVE-2025-43509 5.5 - Medium - December 12, 2025

This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access sensitive user data.

Information Disclosure

macOS 14.8.3/15.7.3: Permissions Flaw Exposes Location Info
CVE-2025-43513 5.5 - Medium - December 12, 2025

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to read sensitive location information.

Authorization

Apple macOS Integer Overflow Root Escalation Fixed in 14.8.3/15.7.3
CVE-2025-46285 7.8 - High - December 12, 2025

An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. An app may be able to gain root privileges.

Integer Overflow or Wraparound
