Apple tvOS Apple TV Operating System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apple tvOS.
Recent Apple tvOS Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 126797 | tvOS 26.4 - Apple Security Content | March 24, 2026 |
| 126351 | tvOS 26.3 - Apple Security Content | February 11, 2026 |
| 125889 | tvOS 26.2 - Apple Security Content | December 12, 2025 |
| 125637 | tvOS 26.1 - Apple Security Content | November 3, 2025 |
| 125114 | tvOS 26 - Apple Security Content | September 15, 2025 |
| 124153 | tvOS 18.6 - Apple Security Content | July 29, 2025 |
| 122720 | tvOS 18.5 - Apple Security Content | May 12, 2025 |
| 122401 | tvOS 18.4.1 - Apple Security Content | April 16, 2025 |
| 122377 | tvOS 18.4 - Apple Security Content | March 31, 2025 |
| 122072 | tvOS 18.3 - Apple Security Content | January 27, 2025 |
Apple tvOS EOL Dates
Ensure that you are using a supported version of Apple tvOS. Here are some end of life, and end of support dates for Apple tvOS.
| Release | EOL Date | Status |
|---|---|---|
| 26 | - |
Active
|
| 18 | September 15, 2025 |
EOL
Apple tvOS 18 became EOL in 2025. |
| 17 | September 16, 2024 |
EOL
Apple tvOS 17 became EOL in 2024. |
| 16 | September 18, 2023 |
EOL
Apple tvOS 16 became EOL in 2023. |
| 15 | September 12, 2022 |
EOL
Apple tvOS 15 became EOL in 2022. |
| 14 | September 20, 2021 |
EOL
Apple tvOS 14 became EOL in 2021. |
| 13 | September 16, 2020 |
EOL
Apple tvOS 13 became EOL in 2020. |
| 12 | September 24, 2019 |
EOL
Apple tvOS 12 became EOL in 2019. |
| 11 | September 17, 2018 |
EOL
Apple tvOS 11 became EOL in 2018. |
| 10 | September 19, 2017 |
EOL
Apple tvOS 10 became EOL in 2017. |
| 9 | September 13, 2016 |
EOL
Apple tvOS 9 became EOL in 2016. |
By the Year
In 2026 there have been 39 vulnerabilities in Apple tvOS with an average score of 6.0 out of ten. Last year, in 2025 tvOS had 207 security vulnerabilities published. Right now, tvOS is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.72
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 39 | 5.98 |
| 2025 | 207 | 6.71 |
| 2024 | 152 | 6.76 |
| 2023 | 133 | 7.00 |
| 2022 | 145 | 7.38 |
| 2021 | 242 | 7.15 |
| 2020 | 216 | 7.49 |
| 2019 | 262 | 7.91 |
| 2018 | 67 | 7.81 |
It may take a day or so for new tvOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple tvOS Security Vulnerabilities
Apple iOS CVE-2025-43210 OOB Access in Media Handling Fixed in iOS 18.6
CVE-2025-43210
6.3 - Medium
- April 02, 2026
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Out-of-bounds Read
Apple OS (iOS/macOS) use-after-free CVE-2026-20687 (pre 18.7.7)
CVE-2026-20687
7.1 - High
- March 25, 2026
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or write kernel memory.
Dangling pointer
Apple iOS/iPadOS Stack Overflow Fixed in 18.7.7 & 26.4
CVE-2026-28852
5.5 - Medium
- March 25, 2026
A stack overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause a denial-of-service.
Improper Input Validation
Apple Safari 26.3: CSP Bypass via State Management Flaw
CVE-2026-20665
6.5 - Medium
- March 25, 2026
This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Protection Mechanism Failure
Apple OS Null Pointer Deref Causing DoS Fixed in v18.7.7 & 26.4
CVE-2026-28886
5.9 - Medium
- March 25, 2026
A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A user in a privileged network position may be able to cause a denial-of-service.
NULL Pointer Dereference
Apple OS Audio Stream OOB Bounds Check (fixed 18.7.7/15.7.5)
CVE-2026-20690
6.5 - Medium
- March 25, 2026
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing an audio stream in a maliciously crafted media file may terminate the process.
Out-of-bounds Read
Apple OS Auth State Management Flaw (iOS 18.7.7, macOS 15.7.5-26.4)
CVE-2026-28865
7.5 - High
- March 25, 2026
An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position may be able to intercept network traffic.
AuthZ
Apple iOS 18.7.7 - Sensitive Data Leak via App Enumeration Fix
CVE-2026-28878
6.5 - Medium
- March 25, 2026
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps.
Information Disclosure
Apple Safari 26.4: Sandbox Escape via Memory Handling
CVE-2026-28859
4.3 - Medium
- March 25, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox.
Dangling pointer
Apple OS Type Confusion Vulnerability (fixed iOS 26.4, macOS 15.7.5, etc.)
CVE-2026-28822
6.2 - Medium
- March 25, 2026
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker may be able to cause unexpected app termination.
Object Type Confusion
Apple OS Fingerprinting via Permissions Flaw before 26.4
CVE-2026-28863
6.5 - Medium
- March 25, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user.
Apple WebKit use-after-free before iOS 18.7.7 crash
CVE-2026-28879
6.5 - Medium
- March 25, 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.
Dangling pointer
Apple iOS use-after-free fixed in 18.7.7/26.3
CVE-2026-20637
6.2 - Medium
- March 25, 2026
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to cause unexpected system termination.
Dangling pointer
Apple OS Kernel Memory Corruption via Improper Handling (before 26.4)
CVE-2026-20698
5.5 - Medium
- March 25, 2026
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or corrupt kernel memory.
Buffer Overflow
App Enumeration Vulnerability in Apple iOS 26.4 (enumerating installed apps)
CVE-2026-28882
4 - Medium
- March 25, 2026
This issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps.
Apple OS InfoLeak Vulnerability (iOS/macOS...) before 26.4
CVE-2026-28870
5.5 - Medium
- March 25, 2026
An information leakage was addressed with additional validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data.
Apple iOS/iPadOS 18.7+: Kernel State Leak via Improper Auth
CVE-2026-28867
6.2 - Medium
- March 25, 2026
This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state.
Apple OS DoS via Malicious File Handling (fixed in 26.3, 14.8.4, 15.7.4, 18.7.5)
CVE-2026-20609
4.4 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.
Out-of-bounds Read
Apple OS Logging Leak Fixed in 26.3
CVE-2026-20649
5.5 - Medium
- February 11, 2026
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3. A user may be able to view sensitive user information.
Insecure Temporary File
Apple OS 26.3: Memory Corruption CVE-2026-20700 Fixed
CVE-2026-20700
7.8 - High
- February 11, 2026
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.
Buffer Overflow
Apple OS Sandbox Escape via Permission Issue before 15.7.4
CVE-2026-20628
7.1 - High
- February 11, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to break out of its sandbox.
Authorization
Safari memory handling crash (CVE-2026-20635)
CVE-2026-20635
4.3 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple macOS HID Bounds Check Crash (before 15.7.4)
CVE-2025-46301
5.7 - Medium
- February 11, 2026
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.
Buffer Overflow
Apple OS 26.3 Memory Handling Fix Prevents App-Induced System Termination
CVE-2026-20654
5.5 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to cause unexpected system termination.
Buffer Overflow
Apple HID Bound-Check Crash (macOS/iOS) before 15.7.4/18.7.5
CVE-2025-46300
5.7 - Medium
- February 11, 2026
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.
Buffer Overflow
Apple OS Image Parser Memory Disclosure (before 18.7.5/26.3)
CVE-2026-20634
5.5 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.
Apple OS Image Disclosure Pre 26.3
CVE-2026-20675
7.8 - High
- February 11, 2026
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may lead to disclosure of user information.
Out-of-bounds Read
Apple macOS/iOS HID bounds check flaw process crash (CVE-2025-46303)
CVE-2025-46303
5.7 - Medium
- February 11, 2026
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.
Buffer Overflow
Root via race condition on Apple OS v26.3
CVE-2026-20617
7 - High
- February 11, 2026
A race condition was addressed with improved state handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to gain root privileges.
Race Condition
Apple OS App-Discovery Priv. Bypass (watchOS 26.3 / tvOS 26.3 / macOS 15.7.4 / iOS 18.7.5)
CVE-2026-20641
7.1 - High
- February 11, 2026
A privacy issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to identify what other apps a user has installed.
Information Disclosure
Apple macOS/HID crash fixed in Sequoia 15.7.4, iOS 18.7.5
CVE-2025-46302
5.7 - Medium
- February 11, 2026
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.
Buffer Overflow
Apple OS DoS via Bluetooth (CVE-2026-20650) fixed in 26.3
CVE-2026-20650
7.5 - High
- February 11, 2026
A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets.
Resource Exhaustion
Apple OS Media OOB Crash, fixed v26.3/14.8.4/15.7.4
CVE-2026-20611
7.8 - High
- February 11, 2026
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Out-of-bounds Read
Apple macOS SEQUOIA 15.7.4 / SONOMA 14.8.4 HID Crash via Bounds Check
CVE-2025-46305
5.7 - Medium
- February 11, 2026
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.
Buffer Overflow
Apple OS network logic flaw allows traffic interception (fixed 26.3 & 14.8.4)
CVE-2026-20671
3.1 - Low
- February 11, 2026
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may be able to intercept network traffic.
Apple macOS/iOS HID bounds check crash (CVE-2025-46304)
CVE-2025-46304
5.7 - Medium
- February 11, 2026
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.
Resource Exhaustion
Apple WebKit Memory Handling Crash Fixed v26.2
CVE-2025-46298
6.5 - Medium
- January 09, 2026
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Memory init leak in Safari 26.2 on Apple iOS/watchOS/etc. (CVE-2025-46299)
CVE-2025-46299
4.3 - Medium
- January 09, 2026
A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app.
Authorization
curl: OAuth2 Bearer Token Leak via Cross-Protocol Redirect
CVE-2025-14524
5.3 - Medium
- January 08, 2026
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.
Apple iOS/watchOS: App ID Retrieval Privacy Issue Fixed in 18.7.3/26.2
CVE-2025-46279
9.8 - Critical
- December 17, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. An app may be able to identify what other apps a user has installed.
Information Disclosure
Apple 26.2 OS: HID MEM Corrupt (Bad Input)
CVE-2025-43533
5.7 - Medium
- December 17, 2025
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.
Improper Input Validation
Apple iOS/macOS Use-After-Free in Safari (fixed 26.2) CAU leading to code exec
CVE-2025-43529
8.8 - High
- December 17, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
Dangling pointer
Apple Safari race condition leads to crash from malicious content
CVE-2025-43531
3.1 - Low
- December 17, 2025
A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Race Condition
macOS File Processing Memory Corruption (Fixed 14.8.3/15.7.3)
CVE-2025-43539
8.8 - High
- December 12, 2025
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing a file may lead to memory corruption.
Buffer Overflow
Memory Corruption via Bounds Check, macOS Sonoma 14.8.3 / Sequoia 15.7.3
CVE-2025-43532
2.8 - Low
- December 12, 2025
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing malicious data may lead to unexpected app termination.
Classic Buffer Overflow
Apple macOS Integer Overflow Root Escalation Fixed in 14.8.3/15.7.3
CVE-2025-46285
7.8 - High
- December 12, 2025
An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. An app may be able to gain root privileges.
Integer Overflow or Wraparound
Memory Corruption via Improper Lock State Checking in Apple OS 26.1
CVE-2025-43510
7.8 - High
- December 12, 2025
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may cause unexpected changes in memory shared between processes.
Improper Locking
Apple OS Kernel Memcorrupt (iOS18.7.2, watchOS26.1, macOS15.7.2) fixed 26.1
CVE-2025-43520
5.5 - Medium
- December 12, 2025
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.
Classic Buffer Overflow
Out-of-Bounds in ANGLE, Google Chrome <143.0.7499.110, Mac
CVE-2025-14174
8.8 - High
- December 12, 2025
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Buffer Overflow
Libpng <1.6.51 Heap Over-read via png_do_quantize on Malformed Palette
CVE-2025-64505
6.1 - Medium
- November 24, 2025
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apple tvOS or by Apple? Click the Watch button to subscribe.
