Apple Software and Device Maker
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Apple product.
RSS Feeds for Apple security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Apple products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Apple Sorted by Most Security Vulnerabilities since 2018
Recent Apple Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 127594 | iOS 26.5.2 and iPadOS 26.5.2 - Apple Security Content | June 29, 2026 |
| 127595 | macOS Tahoe 26.5.2 - Apple Security Content | June 29, 2026 |
| 127685 | Safari 26.5.2 - Apple Security Content | June 29, 2026 |
| 127557 | Beats Firmware Update 1B211 - Apple Security Content | June 16, 2026 |
| 127121 | Safari 26.5 - Apple Security Content | May 13, 2026 |
| 127112 | iPadOS 17.7.11 - Apple Security Content | May 11, 2026 |
| 127116 | macOS Sequoia 15.7.7 - Apple Security Content | May 11, 2026 |
| 127117 | macOS Sonoma 14.8.7 - Apple Security Content | May 11, 2026 |
| 127115 | macOS Tahoe 26.5 - Apple Security Content | May 11, 2026 |
| 127111 | iOS 18.7.9 and iPadOS 18.7.9 - Apple Security Content | May 11, 2026 |
Known Exploited Apple Vulnerabilities
The following Apple vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Apple Multiple Products Classic Buffer Overflow Vulnerability |
Apple watchOS, iOS, iPadOS, macOS, visionOS, tvOS, and iPadOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory. CVE-2025-43520 Exploit Probability: 0.4% |
March 20, 2026 |
| Apple Multiple Products Improper Locking Vulnerability |
Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes. CVE-2025-43510 Exploit Probability: 0.3% |
March 20, 2026 |
| Apple Multiple Products Buffer Overflow Vulnerability |
Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption. CVE-2025-31277 Exploit Probability: 1.5% |
March 20, 2026 |
| Apple Multiple products Use-After-Free Vulnerability |
Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption. CVE-2023-43000 Exploit Probability: 4.0% |
March 5, 2026 |
| Apple iOS and iPadOS Use-After-Free Vulnerability |
Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges. CVE-2023-41974 Exploit Probability: 1.4% |
March 5, 2026 |
| Apple Multiple Products Integer Overflow or Wraparound Vulnerability |
Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution. CVE-2021-30952 Exploit Probability: 7.6% |
March 5, 2026 |
| Apple Multiple Buffer Overflow Vulnerability |
Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code. CVE-2026-20700 Exploit Probability: 1.3% |
February 12, 2026 |
| Apple Multiple Products Use-After-Free WebKit Vulnerability |
Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. CVE-2025-43529 Exploit Probability: 8.4% |
December 15, 2025 |
| Apple Multiple Products Unspecified Vulnerability |
Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. CVE-2022-48503 Exploit Probability: 3.2% |
October 20, 2025 |
| Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability |
Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework. CVE-2025-43300 Exploit Probability: 20.0% |
August 21, 2025 |
| Apple Multiple Products Unspecified Vulnerability |
Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link. CVE-2025-43200 Exploit Probability: 1.0% |
June 16, 2025 |
| Apple Multiple Products Memory Corruption Vulnerability |
Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file. CVE-2025-31200 Exploit Probability: 21.3% |
April 17, 2025 |
| Apple Multiple Products Arbitrary Read and Write Vulnerability |
Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication. CVE-2025-31201 Exploit Probability: 12.4% |
April 17, 2025 |
| Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability |
Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. CVE-2025-24201 Exploit Probability: 4.2% |
March 13, 2025 |
| Apple iOS and iPadOS Incorrect Authorization Vulnerability |
Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device. CVE-2025-24200 Exploit Probability: 4.9% |
February 12, 2025 |
| Apple Multiple Products Use-After-Free Vulnerability |
Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges. CVE-2025-24085 Exploit Probability: 18.7% |
January 29, 2025 |
| Apple Multiple Products Code Execution Vulnerability |
Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution. CVE-2024-44308 Exploit Probability: 9.2% |
November 21, 2024 |
| Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability |
Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack. CVE-2024-44309 Exploit Probability: 21.0% |
November 21, 2024 |
| Apple iOS and iPadOS Memory Corruption Vulnerability |
Apple iOS and iPadOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. CVE-2024-23296 Exploit Probability: 1.4% |
March 6, 2024 |
| Apple iOS and iPadOS Memory Corruption Vulnerability |
Apple iOS and iPadOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. CVE-2024-23225 Exploit Probability: 1.5% |
March 6, 2024 |
5 known exploited Apple vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest Apple Vulnerabilities
Based on the current exploit probability, these Apple vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2021-30860 | 76.0% | Apple iOS "FORCEDENTRY" Remote Code Execution Vulnerability |
| 2 | CVE-2021-30657 | 68.5% | Apple macOS Policy Subsystem Gatekeeper Bypass |
| 3 | CVE-2016-4657 | 66.8% | Apple iOS Webkit Memory Corruption Vulnerability |
| 4 | CVE-2023-32434 | 51.5% | Apple Multiple Products Integer Overflow Vulnerability |
| 5 | CVE-2014-4404 | 49.0% | Apple OS X Heap-Based Buffer Overflow Vulnerability |
| 6 | CVE-2016-4655 | 33.4% | Apple iOS Information Disclosure Vulnerability |
| 7 | CVE-2023-41993 | 29.2% | Apple Multiple Products WebKit Code Execution Vulnerability |
| 8 | CVE-2021-30807 | 28.8% | Apple iOS and macOS Memory Corruption Vulnerability |
| 9 | CVE-2023-28205 | 27.1% | Apple Multiple Products WebKit Use-After-Free Vulnerability |
| 10 | CVE-2023-28206 | 24.5% | Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability |
By the Year
In 2026 there have been 348 vulnerabilities in Apple with an average score of 6.4 out of ten. Last year, in 2025 Apple had 757 security vulnerabilities published. Right now, Apple is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.13
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 348 | 6.41 |
| 2025 | 757 | 6.54 |
| 2024 | 628 | 6.30 |
| 2023 | 513 | 6.71 |
| 2022 | 464 | 7.06 |
| 2021 | 603 | 6.94 |
| 2020 | 502 | 6.89 |
| 2019 | 564 | 7.67 |
| 2018 | 226 | 7.33 |
It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-43700 | Jun 29, 2026 |
Apple Safari 26.5.1 Cross-Origin Info LeakA cross-origin issue was addressed with improved tracking of security origins. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information. |
And others... |
| CVE-2026-43716 | Jun 29, 2026 |
Safari 26.5.2 Crash via Malicious Web Content, FixedThe issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
And others... |
| CVE-2026-43720 | Jun 29, 2026 |
Safari use-after-free CVE-2026-43720 fixed in Safari 26.5.2A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
And others... |
| CVE-2026-39868 | Jun 29, 2026 |
Kernel Mem Corruption via Input Validation in Apple iOS/iPadOS/macOS 26.5.2 - FixedThis issue was addressed with improved input validation. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or corrupt kernel memory. |
And others... |
| CVE-2026-43721 | Jun 29, 2026 |
Clipboard Hijack in Safari 26.5.2 (iOS/macOS)This issue was addressed through improved state management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to silently hijack clipboard data. |
And others... |
| CVE-2026-39872 | Jun 29, 2026 |
Apple Safari 26.5.2: Memory Handling Crash with Malicious Web ContentThe issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
And others... |
| CVE-2026-43717 | Jun 29, 2026 |
Apple Safari 26.5.2 UAF Crash via Malformed Web ContentA use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
And others... |
| CVE-2026-43740 | Jun 29, 2026 |
Apple Safari 26.5.2 Memory Disclosure via Malicious Web ContentThe issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may result in the disclosure of process memory. |
And others... |
| CVE-2026-43701 | Jun 29, 2026 |
Apple Safari/iOS Sandbox Bypass via Malicious Site (fixed in 26.5.2)The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox. |
And others... |
| CVE-2026-43663 | Jun 29, 2026 |
Safari Mem Corruption Crash <26.5.2The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
And others... |
| CVE-2026-43726 | Jun 29, 2026 |
Use-After-Free in Safari 26.5.2 Causing CrashA use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
And others... |
| CVE-2026-43706 | Jun 29, 2026 |
Apple iOS/iPadOS/macOS double free bug in web content 26.5.2A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
And others... |
| CVE-2026-43746 | Jun 29, 2026 |
Apple Safari 26.5.2 Use-After-Free CrashA use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
And others... |
| CVE-2026-43707 | Jun 29, 2026 |
Safari 26.5.2 Memory Corruption Fix: Crash from Malicious Web ContentA memory corruption issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
And others... |
| CVE-2026-43727 | Jun 29, 2026 |
Use-After-Free Crash in Safari, iOS/iPadOS/macOS, Fixed in 26.5.2A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
And others... |
| CVE-2026-43731 | Jun 29, 2026 |
Apple Safari <26.5.2: UAF in Web Content (fixed v26.5.2)A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption. |
And others... |
| CVE-2026-43724 | Jun 29, 2026 |
Kernel memory write in Apple OS 26.5.2 (iOS, iPadOS, macOS)The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or write kernel memory. |
And others... |
| CVE-2026-43732 | Jun 29, 2026 |
Safari Path Handling Disclosure Vulnerability Fixed 26.5.2A path handling issue was addressed with improved validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information. |
And others... |
| CVE-2026-43708 | Jun 29, 2026 |
CVE-2026-43708 Safari <26.5.2 cross-origin data exfiltrationThe issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin. |
And others... |
| CVE-2026-43712 | Jun 29, 2026 |
Apple Safari Crash via Malicious Web Content, Fixed in 26.5.2The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
And others... |
| CVE-2026-43745 | Jun 29, 2026 |
Out-of-Bounds Write Leading to Safari Crash (pre-26.5.2)An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
And others... |
| CVE-2026-43704 | Jun 29, 2026 |
Apple Safari 26.5.2 Use-After-Free in Web Extension Causing CrashA use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious web extension may be able to cause an unexpected process crash. |
And others... |
| CVE-2026-43705 | Jun 29, 2026 |
Safari & iOS Type Confusion Memory Corruption Fixed in 26.5.2A type confusion issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption. |
And others... |
| CVE-2026-43713 | Jun 29, 2026 |
Safari/iOS/iPadOS Permissions Leak, fixed in 26.5.2A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Visiting a website may leak sensitive data. |
And others... |
| CVE-2026-43709 | Jun 29, 2026 |
Safari UAF Crash Fixed in 26.5.2A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
And others... |
| CVE-2026-43699 | Jun 29, 2026 |
Apple Safari UAF in 26.5.2: Crash via Malicious Web ContentA use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
And others... |
| CVE-2026-43676 | Jun 29, 2026 |
Safari OOB Crash (v26.5.2) Boundscheck FixAn out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
And others... |
| CVE-2026-43725 | Jun 29, 2026 |
Apple Safari 26.5.2: Sandbox Escape via Input ValidationThe issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox. |
And others... |
| CVE-2026-43743 | Jun 29, 2026 |
Race Condition in Apple OS (iOS 26.5.2/iPadOS 26.5.2/macOS Tahoe) CrashA race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination. |
And others... |
| CVE-2026-43722 | Jun 29, 2026 |
Kernel State Leak from Improper Sanitization in Apple iOS/macOS 26.5.2The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to leak sensitive kernel state. |
And others... |
| CVE-2026-43718 | Jun 29, 2026 |
Apple Safari stack overflow via malformed web content (pre-26.5.2)A stack overflow was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
And others... |
| CVE-2026-43734 | Jun 29, 2026 |
Safari UA-FREE CVE-2026-43734 fixed in 26.5.2A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
And others... |
| CVE-2026-28979 | Jun 29, 2026 |
Apple Safari/iOS/iPadOS/macOS Tahoe OOB Access (Fixed 26.5.2)An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
And others... |
| CVE-2026-43735 | Jun 29, 2026 |
Apple Safari Cross-Origin Data Exfil - Fixed in 26.5.2The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin. |
And others... |
| CVE-2026-43703 | Jun 29, 2026 |
Apple WebKit <=26.5.2 Crash via Malformed Web ContentThe issue was addressed with improved memory handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
And others... |
| CVE-2026-43742 | Jun 29, 2026 |
Safari UAF vulnerability; fixed in Safari 26.5.2A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
And others... |
| CVE-2026-43715 | Jun 29, 2026 |
Use-After-Free in Apple Safari <26.5.2 (memory corruption)A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption. |
And others... |
| CVE-2026-28898 | Jun 25, 2026 |
swift-nio-http2 1.44.1 Secures H2-H1 Codec Pseudo-Header Checksswift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values (:path, :authority, :scheme, :method, and :status) at both the HPACK header validation layer and the HTTP/2-to-HTTP/1.1 translation layer. Requests or responses containing CR, LF, or NUL bytes in any pseudo-header value are now rejected with a connection error. This issue is fixed in swift-nio-http2 1.44.1. |
|
| CVE-2025-30431 | Jun 11, 2026 |
macOS Sequoia/SON+ Ventura Priv Esc via Improper Access CheckThe issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information. |
|
| CVE-2025-24268 | Jun 11, 2026 |
macOS Sequoia 15.4: Path Validation Vulnerability in Directory HandlingA parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data. |
|
| CVE-2025-43339 | Jun 11, 2026 |
macOS Tahoe 26.0 Sandbox Access Issue (CVE-2025-43339)An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data. |
|
| CVE-2025-46293 | Jun 11, 2026 |
macOS Sequoia 15.4 Symlink Access Control Bypass (CVE-2025-46293)This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data. |
|
| CVE-2025-46315 | Jun 11, 2026 |
macOS Tahoe 26.1: Fixed Permissions Issue Accessing Protected DataA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data. |
|
| CVE-2025-30459 | Jun 11, 2026 |
Privacy Issue in macOS Sequoia 15.4 (CVE202530459)A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data. |
|
| CVE-2025-31272 | Jun 11, 2026 |
macOS Sequoia 15.4 Launch Constraint Bypass Elevated PrivilegeThe issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges. |
|
| CVE-2025-24284 | Jun 11, 2026 |
macOS Sequoia 15.4: Sandbox Escape Vulnerability (CVE-2025-24284)This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox. |
|
| CVE-2025-24165 | Jun 11, 2026 |
macOS Permission Flaw May Cause System Termination (Fixed 15.4/14.7.5/13.7.5)A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination. |
|
| CVE-2025-43278 | Jun 11, 2026 |
macOS <15.4 Symlink Bypass Access to Protected DataThis issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data. |
|
| CVE-2025-46313 | Jun 11, 2026 |
macOS 26.1 Vulnerable Logging Redaction Exposes User DataA logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. |
|
| CVE-2025-46308 | Jun 11, 2026 |
AuthZ Leak via State Mgmt in iOS/iPadOS/macOS (pre-18.4/15.4)An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information. |
|