Apple Macos Sonoma
Recent Apple Macos Sonoma Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 127117 | macOS Sonoma 14.8.7 - Apple Security Content | May 11, 2026 |
| 126796 | macOS Sonoma 14.8.5 - Apple Security Content | March 24, 2026 |
| 126350 | macOS Sonoma 14.8.4 - Apple Security Content | February 11, 2026 |
| 125888 | macOS Sonoma 14.8.3 - Apple Security Content | December 12, 2025 |
| 125636 | macOS Sonoma 14.8.2 - Apple Security Content | November 3, 2025 |
| 125330 | macOS Sonoma 14.8.1 - Apple Security Content | September 29, 2025 |
| 125112 | macOS Sonoma 14.8 - Apple Security Content | September 15, 2025 |
| 124928 | macOS Sonoma 14.7.8 - Apple Security Content | August 20, 2025 |
| 124150 | macOS Sonoma 14.7.7 - Apple Security Content | July 29, 2025 |
| 122717 | macOS Sonoma 14.7.6 - Apple Security Content | May 12, 2025 |
By the Year
In 2026 there have been 124 vulnerabilities in Apple Macos Sonoma, with an average score of 6.5 out of ten. Last year, in 2025, Macos Sonoma had 115 security vulnerabilities published. That is, 9 more vulnerabilities have already been reported in 2026 than in all of last year. The average CVE base score of the vulnerabilities in 2026 is also greater, by 0.44.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 124 | 6.48 |
| 2025 | 115 | 6.04 |
| 2024 | 5 | 6.88 |
| 2023 | 1 | 10.00 |
It may take a day or so for new Macos Sonoma vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apple Macos Sonoma Security Vulnerabilities
macOS sandbox escape in older macOS version fixed 15.7.7/14.8.7/26.2
CVE-2025-43524
8.8 - High
- May 12, 2026
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox.
Authorization
Apple iOS/macOS/tvOS Local Network DoS via Memory Handling
CVE-2026-43653
6.2 - Medium
- May 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to cause a denial-of-service.
Resource Exhaustion
Apple OS iOS 18.7.9 Crash via Malicious Audio Stream
CVE-2026-39869
4.3 - Medium
- May 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing an audio stream in a maliciously crafted media file may terminate the process.
Classic Buffer Overflow
Apple Media Codec Memory Corruption in iOS/macOS prior 26.5
CVE-2026-28956
6.5 - Medium
- May 11, 2026
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Out-of-bounds Read
Apple WiFi Use-After-Free DoS fixed iOS 18.7.9 / macOS 15.7.7
CVE-2026-28994
5.3 - Medium
- May 11, 2026
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Wi-Fi packets.
Dangling pointer
Use-After-Free in Apple OS Kernels (iOS 18.7.9+, macOS 15.7.7+)
CVE-2026-43668
7.5 - High
- May 11, 2026
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
Dangling pointer
Apple iOS/macOS File Processing Crash (CVE-2026-28936)
CVE-2026-28936
7.5 - High
- May 11, 2026
The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.
Improper Input Validation
iOS/macOS tvOS Bypass Bounds Check Crash - Fixed in 18.7.9, 26.5
CVE-2026-28977
6.2 - Medium
- May 11, 2026
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.
Buffer Overflow
Apple Safari/WebKit Info Leak via Malicious Site Fixed iOS 26.5, macOS 15.7
CVE-2026-28920
6.5 - Medium
- May 11, 2026
An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Visiting a maliciously crafted website may leak sensitive data.
Information Disclosure
Apple iOS/iPadOS/macOS Data Leak via Consent Bypass (fixed 18.7.9)
CVE-2026-28993
5.5 - Medium
- May 11, 2026
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data.
Authorization
Apple OS Kernel Buffer Overflow Fixed in iOS 18.7.9/Sequoia 15.7.7
CVE-2026-28897
6.2 - Medium
- May 11, 2026
A buffer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A local user may be able to cause unexpected system termination or read kernel memory.
Stack Overflow
Apple OS iOS/macOS 26.5 Race Condition permitting sensitive data access
CVE-2026-43659
4.7 - Medium
- May 11, 2026
A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data.
Race Condition
Apple macOS/iOS kernel OOBW fixed in 18.7.9
CVE-2026-28819
5.4 - Medium
- May 11, 2026
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges.
Memory Corruption
Apple OS Kernel Mem Disclosure via App (fixed iOS 18.7.9+; macOS 15.7.7+)
CVE-2026-43654
7.5 - High
- May 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to disclose kernel memory.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Apple OS: Root Priv Escal via State Mismanage (fixed iOS 18.7.9, macOS 14.8.7)
CVE-2026-28951
7.8 - High
- May 11, 2026
An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges.
AuthZ
Apple OS IP Tracking via State Mgmt v<18.7.9/26.5 CVE-2026-28906
CVE-2026-28906
7.5 - High
- May 11, 2026
This issue was addressed through improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An attacker may be able to track users through their IP address.
Privacy violation
Apple OS memory corruption (fixed iOS 18.7.9, macOS 15.7.7)
CVE-2026-28992
4.7 - Medium
- May 11, 2026
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker may be able to cause unexpected app termination.
Race Condition
Apple iOS Integer Overflow (pre-18.7.9: possible crash)
CVE-2026-28952
7.5 - High
- May 11, 2026
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to cause unexpected system termination.
Integer Overflow or Wraparound
macOS Root Priv Escalation via Permission Bypass (fixed 15.7.7, 14.8.7, 26.4)
CVE-2026-28840
7.8 - High
- May 11, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.4. An app may be able to gain root privileges.
Improper Privilege Management
Apple OS Logging Leak (kernel state) pre iOS 18.7.9 / macOS 14.8.7
CVE-2026-28987
7.5 - High
- May 11, 2026
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to leak sensitive kernel state.
Insertion of Sensitive Information into Log File
Apple Mail Remote Image Leakage in Lockdown Mode Fixed iOS 18.7.9/macOS 15.7.7/14.8.7/26.5
CVE-2026-28929
7.5 - High
- May 11, 2026
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Replying to an email could display remote images in Mail in Lockdown Mode.
Incorrect Comparison Logic Granularity
Apple OS Kernel OOB Write (iOS 18.7.9/iPadOS 18.7.9, macOS 15.7.7)
CVE-2026-28972
6.5 - Medium
- May 11, 2026
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or write kernel memory.
Memory Corruption
macOS Kernel Buffer Overflow (Sequoia <15.7.7, Sonoma <14.8.7)
CVE-2026-28925
7.5 - High
- May 11, 2026
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to cause unexpected system termination or write kernel memory.
Classic Buffer Overflow
macOS Unauthorized Contact Access via Symbolic Link Race (fixed 15.7.7/14.8.7/26.5)
CVE-2026-28924
7.5 - High
- May 11, 2026
A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts without user consent.
Race Condition
Apple OS iOS/macOS OOB Write in File Parser, fixed iOS 18.7.9
CVE-2026-43656
7.3 - High
- May 11, 2026
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Parsing a maliciously crafted file may lead to an unexpected app termination.
Memory Corruption
macOS DoS via App FS Mod, fixed in 15.7.7/14.8.7
CVE-2026-28908
7.5 - High
- May 11, 2026
A denial of service issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to modify protected parts of the file system.
Resource Exhaustion
Apple OS Image Processing Memory Corruption (iOS 26.5, macOS Sequoia 15.7.7)
CVE-2026-28990
7.5 - High
- May 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory.
Buffer Overflow
Race Condition in Apple OS Leads to Unexpected Termination (fixed iOS 18.7.9)
CVE-2026-28986
7.5 - High
- May 11, 2026
A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.
Race Condition
Apple iOS Use-After-Free Pre-18.7.9
CVE-2026-28969
7.5 - High
- May 11, 2026
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.
Dangling pointer
macOS Path Handling Flaw Exposes Unprotected Data (fixed 15.7.7,14.8.7,26.5)
CVE-2026-39871
7.5 - High
- May 11, 2026
A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to observe unprotected user data.
Files or Directories Accessible to External Parties
macOS Sequoia/14.8.7 Root Privilege Escalation CVE-2026-28919
CVE-2026-28919
7.8 - High
- May 11, 2026
A consistency issue was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges.
Improper Privilege Management
macOS Logging Redaction Flaw (Sandbox Escape) Fixed S15.7.7/S14.8.7/T26.5
CVE-2026-28923
8.8 - High
- May 11, 2026
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its sandbox.
Insertion of Sensitive Information into Log File
Gatekeeper Quarantine Bypass in iOS/iPadOS 18.7.9 & macOS 26.5/15.7.7/14.8.7
CVE-2026-28954
7.5 - High
- May 11, 2026
A file quarantine bypass was addressed with additional checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A maliciously crafted disk image may bypass Gatekeeper checks.
Authentication Bypass by Spoofing
Apple iOS/macOS Buffer Overflow Causing App Termination (fixed in 18.7.9, 15.7.7)
CVE-2026-28846
7.5 - High
- May 11, 2026
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause unexpected app termination.
Stack Overflow
macOS Root Priv. via Path Validation flaw (versions before 15.7.7/14.8.7/26.5)
CVE-2026-28915
7.8 - High
- May 11, 2026
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges.
Directory traversal
macOS sandbox permission issue fixed in Sequoia 15.7.7, Sonoma 14.8.7, Tahoe 26.5
CVE-2026-28978
8.8 - High
- May 11, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its sandbox.
Authorization
Apple iOS/macOS kernel memory layout leakage via logging (fixed 18.7.9/15.7.7)
CVE-2026-28943
7.5 - High
- May 11, 2026
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to determine kernel memory layout.
Insertion of Sensitive Information into Log File
Apple OS Race Condition Exposing Sensitive Data (fixed iOS 26.5)
CVE-2026-28996
5.5 - Medium
- May 11, 2026
A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to access sensitive user data.
Race Condition
Apple OS OOB write DoS (CVE-2026-43666) fixed in iOS 18.7.9 et al
CVE-2026-43666
6.2 - Medium
- May 11, 2026
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker on the local network may be able to cause a denial-of-service.
Memory Corruption
macOS Private Info Leak via State Management before 15.7.7/14.8.7/26.5
CVE-2026-28922
6.5 - Medium
- May 11, 2026
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information.
Authorization
macOS MemCorrupt CVE-2026-39870 fixed in Sequoia 15.7.7, Sonoma 14.8.7, Tahoe 26.5
CVE-2026-39870
7.5 - High
- May 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Processing a maliciously crafted image may corrupt process memory.
Buffer Overflow
Apple OS Buffer Overflow Fixed in iOS 18.7.9, iPadOS 18.7.9, macOS 15.7.7
CVE-2026-28959
7.5 - High
- May 11, 2026
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.
Classic Buffer Overflow
Apple Keychain Local Access via Permission Bypass (iOS 18.7.7, macOS 15.7.5)
CVE-2026-28864
3.3 - Low
- March 25, 2026
This issue was addressed with improved permissions checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A local attacker may gain access to a user's Keychain items.
AuthZ
macOS Out-of-Bounds Write Allowing File System Modification (Fixed in Sequoia 15.7.5)
CVE-2026-28825
7.1 - High
- March 25, 2026
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system.
Memory Corruption
Apple OS Log Data Leakage Fix 18.7.7/26.3
CVE-2026-20668
5.5 - Medium
- March 25, 2026
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access sensitive user data.
Insertion of Sensitive Information into Log File
macOS sandbox flaw allows network share access, fixed in 15.7.5/14.8.5/26.4
CVE-2026-20701
7.5 - High
- March 25, 2026
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to connect to a network share without user consent.
Protection Mechanism Failure
Apple iOS Kernel Memory Disclosure via Logging Redaction Flaw (before 18.7.7)
CVE-2026-28868
5.5 - Medium
- March 25, 2026
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to disclose kernel memory.
Insertion of Sensitive Information into Log File
macOS Symlink Exploit Lets App Read Sensitive Data: Fixed 15.7.5/14.8.5/26.4
CVE-2026-20633
5.5 - Medium
- March 25, 2026
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data.
insecure temporary file
macOS perms flaw fixed in 15.7.5/14.8.5/26.4
CVE-2026-28829
5.5 - Medium
- March 25, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system.
Incorrect Permission Assignment for Critical Resource
macOS Sandbox Race Condition Exploit (fixed 15.7.5/14.8.5/26.4)
CVE-2026-28891
8.1 - High
- March 25, 2026
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox.
Race Condition