Apple visionOS
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apple visionOS.
Recent Apple visionOS Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 126353 | visionOS 26.3 - Apple Security Content | February 11, 2026 |
| 125891 | visionOS 26.2 - Apple Security Content | December 12, 2025 |
| 125638 | visionOS 26.1 - Apple Security Content | November 3, 2025 |
| 125338 | visionOS 26.0.1 - Apple Security Content | September 29, 2025 |
| 125115 | visionOS 26 - Apple Security Content | September 15, 2025 |
| 124154 | visionOS 2.6 - Apple Security Content | July 29, 2025 |
| 122721 | visionOS 2.5 - Apple Security Content | May 12, 2025 |
| 122402 | visionOS 2.4.1 - Apple Security Content | April 16, 2025 |
| 122378 | visionOS 2.4 - Apple Security Content | March 31, 2025 |
| 122284 | visionOS 2.3.2 - Apple Security Content | March 11, 2025 |
EOL Dates
Ensure that you are using a supported version of Apple visionOS. Here are some end of life, and end of support dates for Apple visionOS.
| Release | EOL Date | Status |
|---|---|---|
| 26 | - |
Active
|
| 2 | September 15, 2025 |
EOL
Apple visionOS 2 became EOL in 2025. |
| 1 | September 16, 2024 |
EOL
Apple visionOS 1 became EOL in 2024. |
By the Year
In 2026 there have been 28 vulnerabilities in Apple visionOS with an average score of 6.3 out of ten. Last year, in 2025 visionOS had 236 security vulnerabilities published. Right now, visionOS is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.30
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 28 | 6.32 |
| 2025 | 236 | 6.62 |
| 2024 | 121 | 6.78 |
| 2023 | 1 | 6.50 |
It may take a day or so for new visionOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple visionOS Security Vulnerabilities
Apple Safari 26.3 WebKit crash via memory handling flaw
CVE-2026-20644
6.5 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Safari DoS via Improper Memory Handling (pre-26.3)
CVE-2026-20652
7.5 - High
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote attacker may be able to cause a denial-of-service.
Resource Exhaustion
Apple macOS Sequoia 15.7.4: Directory Path Parsing Issue
CVE-2026-20625
5.5 - Medium
- February 11, 2026
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to access sensitive user data.
Directory traversal
Apple OS DoS via Malicious File Handling (fixed in 26.3, 14.8.4, 15.7.4, 18.7.5)
CVE-2026-20609
4.4 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.
Out-of-bounds Read
Safari Crash via Malicious Web Content Fixed in 26.3
CVE-2026-20608
5.5 - Medium
- February 11, 2026
This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Allocation of Resources Without Limits or Throttling
Directory Path Parsing Issue - Apple OS (pre-26.3,14.8.4,15.7.4,18.7.5)
CVE-2026-20653
5.5 - Medium
- February 11, 2026
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.
Directory traversal
Apple OS 26.3: Memory Corruption CVE-2026-20700 Fixed
CVE-2026-20700
7.8 - High
- February 11, 2026
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.
Buffer Overflow
Apple OS Sandbox Escape via Permission Issue before 15.7.4
CVE-2026-20628
7.1 - High
- February 11, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox.
Authorization
Safari memory handling crash (CVE-2026-20635)
CVE-2026-20635
4.3 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Root Priv Escalation via Path Handling in Apple iOS 26.3
CVE-2026-20615
7.8 - High
- February 11, 2026
A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to gain root privileges.
Directory traversal
Apple OS 26.3 Memory Handling Fix Prevents App-Induced System Termination
CVE-2026-20654
5.5 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to cause unexpected system termination.
Buffer Overflow
Apple OS Image Parser Memory Disclosure (before 18.7.5/26.3)
CVE-2026-20634
5.5 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.
Apple OS Image Disclosure Pre 26.3
CVE-2026-20675
7.8 - High
- February 11, 2026
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted image may lead to disclosure of user information.
Out-of-bounds Read
Apple macOS/iOS Kernel Mem Corrupt (pre-26.3/18.7.5)
CVE-2026-20621
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to cause unexpected system termination or corrupt kernel memory.
Apple macOS/iOS path handling flaw enabling arbitrary file write (pre-26.3)
CVE-2026-20660
5.5 - Medium
- February 11, 2026
A path handling issue was addressed with improved logic. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote user may be able to write arbitrary files.
Directory traversal
Safari Web Extension Tracking Flaw Fixed in 26.3
CVE-2026-20676
- February 11, 2026
This issue was addressed through improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.
Root via race condition on Apple OS v26.3
CVE-2026-20617
7 - High
- February 11, 2026
A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to gain root privileges.
Race Condition
Out-of-Bounds Write in USD File Parser Fixed in iOS 18.7.5 / macOS 14.8.4
CVE-2026-20616
8.8 - High
- February 11, 2026
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termination.
Memory Corruption
Apple OS App-Discovery Priv. Bypass (watchOS 26.3 / tvOS 26.3 / macOS 15.7.4 / iOS 18.7.5)
CVE-2026-20641
7.1 - High
- February 11, 2026
A privacy issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to identify what other apps a user has installed.
Information Disclosure
macOS Sandboxing Bypass via Symbolic Link Race (pre-26.3/14.8.4/18.7.5)
CVE-2026-20677
- February 11, 2026
A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. A shortcut may be able to bypass sandbox restrictions.
Apple Safari WebKit memory bug causes crashes before iOS 26.3
CVE-2026-20636
6.5 - Medium
- February 11, 2026
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple OS DoS via Bluetooth (CVE-2026-20650) fixed in 26.3
CVE-2026-20650
7.5 - High
- February 11, 2026
A denial-of-service issue was addressed with improved validation. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets.
Resource Exhaustion
Apple OS Media OOB Crash, fixed v26.3/14.8.4/15.7.4
CVE-2026-20611
7.8 - High
- February 11, 2026
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Out-of-bounds Read
Apple OS Env Var Validation Flaw before 26.3
CVE-2026-20627
5.5 - Medium
- February 11, 2026
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.
Improper Input Validation
Apple OS network logic flaw allows traffic interception (fixed 26.3 & 14.8.4)
CVE-2026-20671
3.1 - Low
- February 11, 2026
A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileged network position may be able to intercept network traffic.
Root Privilege Escalation in Apple OS before 15.7.4/26.3
CVE-2026-20626
7.8 - High
- February 11, 2026
This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges.
AuthZ
Apple WebKit Memory Handling Crash Fixed v26.2
CVE-2025-46298
6.5 - Medium
- January 09, 2026
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Memory init leak in Safari 26.2 on Apple iOS/watchOS/etc. (CVE-2025-46299)
CVE-2025-46299
4.3 - Medium
- January 09, 2026
A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may disclose internal states of the app.
Authorization
Apple iOS/watchOS: App ID Retrieval Privacy Issue Fixed in 18.7.3/26.2
CVE-2025-46279
9.8 - Critical
- December 17, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. An app may be able to identify what other apps a user has installed.
Information Disclosure
Apple Safari 26.2 Crashes on Malicious Web Content (CVE-2025-43535)
CVE-2025-43535
4.3 - Medium
- December 17, 2025
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Apple 26.2 OS: HID MEM Corrupt (Bad Input)
CVE-2025-43533
5.7 - Medium
- December 17, 2025
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. A malicious HID device may cause an unexpected process crash.
Improper Input Validation
Apple iOS/macOS Use-After-Free in Safari (fixed 26.2) CAU leading to code exec
CVE-2025-43529
8.8 - High
- December 17, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
Dangling pointer
Apple OS Payment Token Access via Permission Flaw (v26.2)
CVE-2025-46288
5.5 - Medium
- December 17, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2, macOS Tahoe 26.2. An app may be able to access sensitive payment tokens.
Authorization
Apple Safari race condition leads to crash from malicious content
CVE-2025-43531
3.1 - Low
- December 17, 2025
A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Race Condition
Apple Photos Hidden Album View Without Auth Fixed in 26.2
CVE-2025-43428
9.8 - Critical
- December 17, 2025
A configuration issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Photos in the Hidden Photos Album may be viewed without authentication.
Missing Authentication for Critical Function
Apple Safari Type Confusion Crash (pre-26.2)
CVE-2025-43541
4.3 - Medium
- December 17, 2025
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Object Type Confusion
Apple Safari Buffer Overflow Fixed in 26.2
CVE-2025-43501
4.3 - Medium
- December 17, 2025
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Classic Buffer Overflow
macOS Sonoma 14.x log data redaction flaw exposes sensitive data
CVE-2025-43538
3.3 - Low
- December 12, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. An app may be able to access sensitive user data.
Information Disclosure
macOS File Processing Memory Corruption (Fixed 14.8.3/15.7.3)
CVE-2025-43539
8.8 - High
- December 12, 2025
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing a file may lead to memory corruption.
Buffer Overflow
macOS Sequoia 15.7.3: FaceTime Remote Control Reveals Password Fields
CVE-2025-43542
7.5 - High
- December 12, 2025
This issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, visionOS 26.2. Password fields may be unintentionally revealed when remotely controlling a device over FaceTime.
Information Disclosure
macOS FaceTime Caller ID Spoof Before 14.8.3/15.7.3
CVE-2025-46287
9.8 - Critical
- December 12, 2025
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An attacker may be able to spoof their FaceTime caller ID.
User Interface (UI) Misrepresentation of Critical Information
Apple Mail Header Parsing DoS in iOS/macOS/watchOS (26.1)
CVE-2025-43494
7.5 - High
- December 12, 2025
A mail header parsing issue was addressed with improved checks. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. An attacker may be able to cause a persistent denial-of-service.
Improper Input Validation
Memory Corruption via Bounds Check, macOS Sonoma 14.8.3 / Sequoia 15.7.3
CVE-2025-43532
2.8 - Low
- December 12, 2025
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing malicious data may lead to unexpected app termination.
Classic Buffer Overflow
Apple macOS Integer Overflow Root Escalation Fixed in 14.8.3/15.7.3
CVE-2025-46285
7.8 - High
- December 12, 2025
An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. An app may be able to gain root privileges.
Integer Overflow or Wraparound
Memory Corruption via Improper Lock State Checking in Apple OS 26.1
CVE-2025-43510
7.8 - High
- December 12, 2025
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A malicious application may cause unexpected changes in memory shared between processes.
Race Condition
Use-After-Free Crash via Web Content in iOS+iPadOS (fixed in 18.7.2)
CVE-2025-43511
6.5 - Medium
- December 12, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Dangling pointer
macOS Info-Disclosure via Privacy Controls (Sonoma<14.8.3/Sequoia<15.7.3)
CVE-2025-46276
3.3 - Low
- December 12, 2025
An information disclosure issue was addressed with improved privacy controls. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An app may be able to access sensitive user data.
Apple OS Kernel Memcorrupt (iOS18.7.2, watchOS26.1, macOS15.7.2) fixed 26.1
CVE-2025-43520
5.5 - Medium
- December 12, 2025
A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.
Out-of-Bounds in ANGLE, Google Chrome <143.0.7499.110, Mac
CVE-2025-14174
8.8 - High
- December 12, 2025
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Buffer Overflow
Apple OS Kernel OOB Read via Bounds Check - Fixed in iOS 18.5
CVE-2025-43374
4.3 - Medium
- November 21, 2025
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, macOS Sequoia 15.5, watchOS 11.5. An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory.
Stack Overflow
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apple visionOS or by Apple? Click the Watch button to subscribe.
