Apple macOS Macintosh Operating System
Recent Apple macOS Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 125887 | macOS Sequoia 15.7.3 - Apple Security Content | December 12, 2025 |
| 125886 | macOS Tahoe 26.2 - Apple Security Content | December 12, 2025 |
| 125888 | macOS Sonoma 14.8.3 - Apple Security Content | December 12, 2025 |
| 125634 | macOS Tahoe 26.1 - Apple Security Content | November 3, 2025 |
| 125636 | macOS Sonoma 14.8.2 - Apple Security Content | November 3, 2025 |
| 125635 | macOS Sequoia 15.7.2 - Apple Security Content | November 3, 2025 |
| 125330 | macOS Sonoma 14.8.1 - Apple Security Content | September 29, 2025 |
| 125329 | macOS Sequoia 15.7.1 - Apple Security Content | September 29, 2025 |
| 125328 | macOS Tahoe 26.0.1 - Apple Security Content | September 29, 2025 |
| 125112 | macOS Sonoma 14.8 - Apple Security Content | September 15, 2025 |
Known Exploited Apple macOS Vulnerabilities
The following Apple macOS vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Apple macOS Use-After-Free Vulnerability | Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. CVE-2019-8526. Exploit Probability: 0.7% | April 17, 2023 |
| Apple macOS Out-of-Bounds Write Vulnerability | macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. CVE-2022-22675. Exploit Probability: 1.0% | April 4, 2022 |
| Apple macOS Out-of-Bounds Read Vulnerability | macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. CVE-2022-22674. Exploit Probability: 0.2% | April 4, 2022 |
| Apple macOS Input Validation Error | A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30713. Exploit Probability: 0.1% | November 3, 2021 |
| Apple macOS Policy Subsystem Gatekeeper Bypass | A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30657. Exploit Probability: 76.3% | November 3, 2021 |
The vulnerability CVE-2021-30657: Apple macOS Policy Subsystem Gatekeeper Bypass is in the top 5% of the currently known exploitable vulnerabilities.
Apple macOS EOL Dates
Ensure that you are using a supported version of Apple macOS. Here are some end-of-life and end-of-support dates for Apple macOS.
| Release | EOL Date | Status |
|---|---|---|
| 26 | - | Active |
| 15 | - | Active |
| 14 | - | Active |
| 13 | September 15, 2025 | EOL. Apple macOS 13 became EOL in 2025. |
| 12 | September 16, 2024 | EOL. Apple macOS 12 became EOL in 2024. |
| 11 | September 26, 2023 | EOL. Apple macOS 11 became EOL in 2023. |
| 10.15 | September 12, 2022 | EOL. Apple macOS 10.15 became EOL in 2022. |
| 10.14 | October 25, 2021 | EOL. Apple macOS 10.14 became EOL in 2021. |
| 10.13 | December 1, 2020 | EOL. Apple macOS 10.13 became EOL in 2020. |
| 10.12 | October 1, 2019 | EOL. Apple macOS 10.12 became EOL in 2019. |
| 10.11 | December 1, 2018 | EOL. Apple macOS 10.11 became EOL in 2018. |
| 10.9 | December 1, 2016 | EOL. Apple macOS 10.9 became EOL in 2016. |
| 10.8 | August 13, 2015 | EOL. Apple macOS 10.8 became EOL in 2015. |
| 10.7 | October 4, 2012 | EOL. Apple macOS 10.7 became EOL in 2012. |
| 10.6 | July 25, 2011 | EOL. Apple macOS 10.6 became EOL in 2011. |
| 10.5 | August 13, 2009 | EOL. Apple macOS 10.5 became EOL in 2009. |
| 10.4 | November 14, 2007 | EOL. Apple macOS 10.4 became EOL in 2007. |
| 10.3 | April 15, 2005 | EOL. Apple macOS 10.3 became EOL in 2005. |
| 10.2 | October 3, 2003 | EOL. Apple macOS 10.2 became EOL in 2003. |
| 10.1 | June 6, 2002 | EOL. Apple macOS 10.1 became EOL in 2002. |
By the Year
In 2026 there have been 3 vulnerabilities in Apple macOS, with an average score of 5.4 out of ten. Last year, in 2025, macOS had 666 security vulnerabilities published. Right now, macOS is on track to have fewer security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 1.18.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 5.43 |
| 2025 | 666 | 6.61 |
| 2024 | 536 | 6.39 |
| 2023 | 426 | 6.74 |
| 2022 | 381 | 7.10 |
| 2021 | 500 | 7.05 |
| 2020 | 264 | 7.10 |
| 2019 | 305 | 7.42 |
| 2018 | 89 | 7.26 |
It may take a day or so for new macOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apple macOS Security Vulnerabilities
A permissions issue was addressed with additional restrictions
CVE-2025-46297
5.5 - Medium
- January 09, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected files within an App Sandbox container.
Authorization
The issue was addressed with improved memory handling
CVE-2025-46298
6.5 - Medium
- January 09, 2026
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
A memory initialization issue was addressed with improved memory handling
CVE-2025-46299
4.3 - Medium
- January 09, 2026
A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may disclose internal states of the app.
Authorization
macOS Tahoe 26.2 Cache Access Vulnerability Allows App to Read Protected Data
CVE-2025-43514
5.5 - Medium
- December 17, 2025
The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data.
Information Disclosure
macOS Tahoe 26.2 Sandbox Escape Logic Issue
CVE-2025-46281
8.4 - High
- December 17, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox.
Protection Mechanism Failure
macOS Tahoe 26.x Cache Flaw Allows App Data Leak
CVE-2025-46278
5 - Medium
- December 17, 2025
The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data.
Information Disclosure
Apple iOS/watchOS: App ID Retrieval Privacy Issue Fixed in 18.7.3/26.2
CVE-2025-46279
9.8 - Critical
- December 17, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. An app may be able to identify what other apps a user has installed.
Information Disclosure
Apple Safari 26.2 Crashes on Malicious Web Content (CVE-2025-43535)
CVE-2025-43535
4.3 - Medium
- December 17, 2025
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Apple macOS Tahoe 26.2 Gatekeeper Bypass via Logic Issue
CVE-2025-46291
5.5 - Medium
- December 17, 2025
A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may bypass Gatekeeper checks.
Protection Mechanism Failure
Apple 26.2 OS: HID MEM Corrupt (Bad Input)
CVE-2025-43533
3.5 - Low
- December 17, 2025
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. A malicious HID device may cause an unexpected process crash.
Improper Input Validation
Apple iOS/macOS Use-After-Free in Safari (fixed 26.2) CAU leading to code exec
CVE-2025-43529
8.8 - High
- December 17, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
Dangling pointer
Safari <26.2: Web APIs via file: URL in Lockdown Mode
CVE-2025-43526
9.8 - Critical
- December 17, 2025
This issue was addressed with improved URL validation. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted.
Open Redirect
Apple OS Payment Token Access via Permission Flaw (v26.2)
CVE-2025-46288
5.5 - Medium
- December 17, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2, macOS Tahoe 26.2. An app may be able to access sensitive payment tokens.
Authorization
Apple Safari race condition leads to crash from malicious content
CVE-2025-43531
3.1 - Low
- December 17, 2025
A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Race Condition
Use-After-Free in Apple Safari 26.2 causing crashes
CVE-2025-43536
4.3 - Medium
- December 17, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Dangling pointer
Apple macOS Tahoe 26.2 Validation Logic Issue Exposing Sensitive Data
CVE-2025-46283
5.5 - Medium
- December 17, 2025
A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data.
Information Disclosure
Apple Photos Hidden Album View Without Auth Fixed in 26.2
CVE-2025-43428
9.8 - Critical
- December 17, 2025
A configuration issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Photos in the Hidden Photos Album may be viewed without authentication.
Missing Authentication for Critical Function
Apple Safari Type Confusion Crash (pre-26.2)
CVE-2025-43541
4.3 - Medium
- December 17, 2025
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Object Type Confusion
Apple Safari Buffer Overflow Fixed in 26.2
CVE-2025-43501
4.3 - Medium
- December 17, 2025
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Classic Buffer Overflow
macOS & Safari 26.2 Sensitive Data Leak via Missing Permission Checks
CVE-2025-46282
5.5 - Medium
- December 17, 2025
The issue was addressed with additional permissions checks. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. An app may be able to access sensitive user data.
Authorization
macOS 26.2 Redaction Fix Prevents Safari History Leak
CVE-2025-46277
5.5 - Medium
- December 17, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2. An app may be able to access a user's Safari history.
Insertion of Sensitive Information into Log File
Apple macOS Spellcheck API File Access Escalation (Fixed 14.8.3/15.7.3)
CVE-2025-43518
3.3 - Low
- December 12, 2025
A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3. An app may be able to inappropriately access files through the spellcheck API.
Authorization
macOS Sequoia 15.7.3 Downgrade Issue on Intel Macs Allows Data Access
CVE-2025-43522
3.3 - Low
- December 12, 2025
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3. An app may be able to access user-sensitive data.
Improper Verification of Cryptographic Signature
macOS Tahoe 26.1 Root Privilege Escalation via Improved Checks
CVE-2025-43467
7.8 - High
- December 12, 2025
This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to gain root privileges.
macOS Tahoe 26.1: Vulnerability Allows App to Read Sensitive User Data
CVE-2025-43471
5.5 - Medium
- December 12, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
macOS Tahoe 26.1: Access Control Logic Issue Allows App-sensitive Data Access
CVE-2025-43406
5.5 - Medium
- December 12, 2025
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
macOS Notes cache flaw: deleted notes expose via physical access
CVE-2025-43410
2.4 - Low
- December 12, 2025
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.2, macOS Sonoma 14.8.2. An attacker with physical access may be able to view deleted notes.
Use of Cache Containing Sensitive Information
macOS Sonoma 14.x log data redaction flaw exposes sensitive data
CVE-2025-43538
- December 12, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. An app may be able to access sensitive user data.
Insertion of Sensitive Information into Log File
macOS File Processing Memory Corruption (Fixed 14.8.3/15.7.3)
CVE-2025-43539
8.8 - High
- December 12, 2025
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing a file may lead to memory corruption.
Buffer Overflow
macOS Sequoia 15.7.3: FaceTime Remote Control Reveals Password Fields
CVE-2025-43542
7.5 - High
- December 12, 2025
This issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, visionOS 26.2. Password fields may be unintentionally revealed when remotely controlling a device over FaceTime.
Information Disclosure
macOS Tahoe 26.1 Permissions Issue: User Can View Admin Disk Image Files
CVE-2025-43470
5.5 - Medium
- December 12, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. A standard user may be able to view files made from a disk image belonging to an administrator.
Incorrect Permission Assignment for Critical Resource
Apple macOS Sequoia 15.7.3: Permissions Restriction Issue
CVE-2025-43523
5.5 - Medium
- December 12, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3. An app may be able to access sensitive user data.
Information Disclosure
OS command Injection flaw in macOS Tahoe 26.1
CVE-2025-43466
5.5 - Medium
- December 12, 2025
An injection issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
Eval Injection
macOS Permission flaw allows app to access sensitive data (fixed 14.8.3)
CVE-2025-43519
7.5 - High
- December 12, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access sensitive user data.
Incorrect Default Permissions
macOS PrivEsc: Logic Issue Fixed in 14.8.3/15.7.3
CVE-2025-43512
7.8 - High
- December 12, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to elevate privileges.
Improper Privilege Management
macOS Data Access Flaw Sonoma 14.8.3 / Sequoia 15.7.3
CVE-2025-43416
9.8 - Critical
- December 12, 2025
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access protected user data.
Authorization
Apple macOS DoS via Input Validation Bug in Sonoma 14.8.3/Sequoia 15.7.3
CVE-2025-43482
5.5 - Medium
- December 12, 2025
The issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to cause a denial-of-service.
Improper Input Validation
macOS FaceTime Caller ID Spoof Before 14.8.3/15.7.3
CVE-2025-46287
9.8 - Critical
- December 12, 2025
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An attacker may be able to spoof their FaceTime caller ID.
User Interface (UI) Misrepresentation of Critical Information
Apple Mail Header Parsing DoS in iOS/macOS/watchOS (26.1)
CVE-2025-43494
7.5 - High
- December 12, 2025
A mail header parsing issue was addressed with improved checks. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. An attacker may be able to cause a persistent denial-of-service.
Improper Input Validation
macOS Tahoe 26.1: Symlink Validation Flaw Allows App to Read Protected Data
CVE-2025-43461
5.5 - Medium
- December 12, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.
insecure temporary file
Memory Corruption via Bounds Check, macOS Sonoma 14.8.3 / Sequoia 15.7.3
CVE-2025-43532
2.8 - Low
- December 12, 2025
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing malicious data may lead to unexpected app termination.
Classic Buffer Overflow
macOS Sonoma 14/Sequoia 15 App Sensitive Data Leakage
CVE-2025-43509
5.5 - Medium
- December 12, 2025
This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access sensitive user data.
Information Disclosure
macOS Tahoe 26.1 Symlink Deletion Vulnerability
CVE-2025-43381
5.5 - Medium
- December 12, 2025
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to delete protected user data.
insecure temporary file
macOS 14.8.3/15.7.3: Permissions Flaw Exposes Location Info
CVE-2025-43513
5.5 - Medium
- December 12, 2025
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to read sensitive location information.
Authorization
Apple macOS Integer Overflow Root Escalation Fixed in 14.8.3/15.7.3
CVE-2025-46285
7.8 - High
- December 12, 2025
An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. An app may be able to gain root privileges.
Integer Overflow or Wraparound
macOS Tahoe 26.1 PrivRelay Activation Failure Multi-User (logic error)
CVE-2025-43506
7.5 - High
- December 12, 2025
A logic error was addressed with improved error handling. This issue is fixed in macOS Tahoe 26.1. iCloud Private Relay may not activate when more than one user is logged in at the same time.
Object Type Confusion
Memory Corruption via Improper Lock State Checking in Apple OS 26.1
CVE-2025-43510
7.8 - High
- December 12, 2025
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A malicious application may cause unexpected changes in memory shared between processes.
Race Condition
macOS Tahoe 26.1: Heap Corrupt via Improper Memory Handling (CVE-2025-43402)
CVE-2025-43402
7.8 - High
- December 12, 2025
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.1. An app may be able to cause unexpected system termination or corrupt process memory.
Memory Corruption
Apple macOS Sonoma/Sequoia Sensitive Data Access CVE-2025-43530
CVE-2025-43530
5.5 - Medium
- December 12, 2025
This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to access sensitive user data.
Information Disclosure
Logic flaw in macOS file handling allows access to protected data (before 14.8.3)
CVE-2025-46289
5.5 - Medium
- December 12, 2025
A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access protected user data.
AuthZ