Apple Apple Software and Device Maker

  1. Vendors
  2. Apple

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Apple product.

RSS Feeds for Apple security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Apple products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Apple Sorted by Most Security Vulnerabilities since 2018

Apple macOS3587 vulnerabilities
Macintosh Operating System

Apple iOS2506 vulnerabilities
The iOS Operating System used by iPhones.

Apple iPadOS1832 vulnerabilities
Apple iPad Operating System

Apple watchOS1486 vulnerabilities
Apple Watch Operating System

Apple tvOS1483 vulnerabilities
Apple TV Operating System

Apple Ios And Ipados863 vulnerabilities

Apple Safari647 vulnerabilities

Apple iPadOS568 vulnerabilities
Apple iPad Operating System

Apple visionOS427 vulnerabilities

Apple iTunes247 vulnerabilities
Apple iTunes Software

Apple iCloud207 vulnerabilities

Apple Macos Sonoma203 vulnerabilities

Apple Xcode64 vulnerabilities

Apple Swift15 vulnerabilities

Apple Music11 vulnerabilities

Apple Garageband8 vulnerabilities

Apple Carplay2 vulnerabilities

Apple AirPods2 vulnerabilities
Apple AirPods Firmware and Hardware

Apple AirPlay2 vulnerabilities

Apple Macos Monterey1 vulnerability

Apple Macos Ventura1 vulnerability

Apple Magic Keyboard1 vulnerability

Apple Compressor1 vulnerability

Apple Securerom1 vulnerability

Apple Smart Card Services1 vulnerability

Apple App Store Connect1 vulnerability

Recent Apple Security Advisories

Advisory Title Published
126795 macOS Sequoia 15.7.5 - Apple Security Content March 24, 2026
126797 tvOS 26.4 - Apple Security Content March 24, 2026
126798 watchOS 26.4 - Apple Security Content March 24, 2026
126801 Xcode 26.4 - Apple Security Content March 24, 2026
126796 macOS Sonoma 14.8.5 - Apple Security Content March 24, 2026
126793 iOS 18.7.7 and iPadOS 18.7.7 - Apple Security Content March 24, 2026
126799 visionOS 26.4 - Apple Security Content March 24, 2026
126800 Safari 26.4 - Apple Security Content March 24, 2026
126794 macOS Tahoe 26.4 - Apple Security Content March 24, 2026
126792 iOS 26.4 and iPadOS 26.4 - Apple Security Content March 24, 2026

Known Exploited Apple Vulnerabilities

The following Apple vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Apple Multiple Products Classic Buffer Overflow Vulnerability Apple watchOS, iOS, iPadOS, macOS, visionOS, tvOS, and iPadOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory.
CVE-2025-43520 Exploit Probability: 0.3% 		March 20, 2026
Apple Multiple Products Improper Locking Vulnerability Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes.
CVE-2025-43510 Exploit Probability: 0.5% 		March 20, 2026
Apple Multiple Products Buffer Overflow Vulnerability Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.
CVE-2025-31277 Exploit Probability: 0.2% 		March 20, 2026
Apple Multiple products Use-After-Free Vulnerability Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption.
CVE-2023-43000 Exploit Probability: 0.1% 		March 5, 2026
Apple iOS and iPadOS Use-After-Free Vulnerability Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-41974 Exploit Probability: 0.2% 		March 5, 2026
Apple Multiple Products Integer Overflow or Wraparound Vulnerability Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution.
CVE-2021-30952 Exploit Probability: 1.3% 		March 5, 2026
Apple Multiple Buffer Overflow Vulnerability Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2026-20700 Exploit Probability: 0.3% 		February 12, 2026
Apple Multiple Products Use-After-Free WebKit Vulnerability Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
CVE-2025-43529 Exploit Probability: 0.1% 		December 15, 2025
Apple Multiple Products Unspecified Vulnerability Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
CVE-2022-48503 Exploit Probability: 0.2% 		October 20, 2025
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
CVE-2025-43300 Exploit Probability: 2.2% 		August 21, 2025
Apple Multiple Products Unspecified Vulnerability Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.
CVE-2025-43200 Exploit Probability: 0.5% 		June 16, 2025
Apple Multiple Products Memory Corruption Vulnerability Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.
CVE-2025-31200 Exploit Probability: 2.1% 		April 17, 2025
Apple Multiple Products Arbitrary Read and Write Vulnerability Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.
CVE-2025-31201 Exploit Probability: 2.3% 		April 17, 2025
Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
CVE-2025-24201 Exploit Probability: 0.1% 		March 13, 2025
Apple iOS and iPadOS Incorrect Authorization Vulnerability Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.
CVE-2025-24200 Exploit Probability: 47.9% 		February 12, 2025
Apple Multiple Products Use-After-Free Vulnerability Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.
CVE-2025-24085 Exploit Probability: 15.9% 		January 29, 2025
Apple Multiple Products Code Execution Vulnerability Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.
CVE-2024-44308 Exploit Probability: 1.5% 		November 21, 2024
Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack.
CVE-2024-44309 Exploit Probability: 1.3% 		November 21, 2024
Apple iOS and iPadOS Memory Corruption Vulnerability Apple iOS and iPadOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
CVE-2024-23296 Exploit Probability: 0.2% 		March 6, 2024
Apple iOS and iPadOS Memory Corruption Vulnerability Apple iOS and iPadOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
CVE-2024-23225 Exploit Probability: 0.2% 		March 6, 2024

The vulnerability CVE-2025-24200: Apple iOS and iPadOS Incorrect Authorization Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

Top 10 Riskiest Apple Vulnerabilities

Based on the current exploit probability, these Apple vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2023-41064 85.4% Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
2 CVE-2021-30657 83.1% Apple macOS Policy Subsystem Gatekeeper Bypass
3 CVE-2016-4655 81.7% Apple iOS Information Disclosure Vulnerability
4 CVE-2016-4657 77.1% Apple iOS Webkit Memory Corruption Vulnerability
5 CVE-2021-30860 70.6% Apple iOS "FORCEDENTRY" Remote Code Execution Vulnerability
6 CVE-2016-4656 66.7% Apple iOS Memory Corruption Vulnerability
7 CVE-2014-4404 62.0% Apple OS X Heap-Based Buffer Overflow Vulnerability
8 CVE-2023-32434 61.2% Apple Multiple Products Integer Overflow Vulnerability
9 CVE-2025-24200 47.9% Apple iOS and iPadOS Incorrect Authorization Vulnerability
10 CVE-2020-27930 44.5% Apple iOS and macOS FontParser Remote Code Execution Vulnerability

By the Year

In 2026 there have been 193 vulnerabilities in Apple with an average score of 5.9 out of ten. Last year, in 2025 Apple had 756 security vulnerabilities published. Right now, Apple is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.58




Year Vulnerabilities Average Score
2026 193 5.93
2025 756 6.51
2024 628 6.30
2023 513 6.73
2022 464 7.06
2021 603 6.94
2020 502 6.91
2019 564 7.68
2018 223 7.35

It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apple Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-28815 Apr 03, 2026
OOB Read in X-Wing HPKE Decapsulation of swift-crypto v4.3.1 A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1.
macOS
CVE-2025-43236 Apr 02, 2026
macOS Type Confusion CVE202543236 Fixed 15.6/14.7.7/13.7.7 A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected app termination.
macOS
CVE-2025-43257 Apr 02, 2026
macOS Sequoia 15.6 Symlink Handling Sandbox Bypass This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.6. An app may be able to break out of its sandbox.
macOS
CVE-2024-40849 Apr 02, 2026
macOS Sequoia Sandbox Escape via Race Condition (before 15.1) A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox.
macOS
CVE-2024-44303 Apr 02, 2026
macOS Sequoia 15.1 FS Modification Vulnerability (CVE-2024-44303) The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be able to modify protected parts of the file system.
macOS
CVE-2025-43210 Apr 02, 2026
Apple iOS CVE-2025-43210 OOB Access in Media Handling Fixed in iOS 18.6 An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
iOS
iPadOS
iPadOS
And others...
CVE-2024-44250 Apr 02, 2026
macOS Sequoia 15.1: Sandbox Elevation, Arb. Code Exec (CVE-2024-44250) A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
macOS
CVE-2024-40858 Apr 02, 2026
MacOS Sequoia 15.1 Fix: Contacts Access Without Consent (Permissions Restriction) A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to access Contacts without user consent.
macOS
CVE-2025-43264 Apr 02, 2026
macOS 15.6 MemCorruption via Malicious Image (CVE-2025-43264) The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory.
macOS
CVE-2024-44286 Apr 02, 2026
macOS Sequoia 15.1 Keyboard Event Physical Access Escalation This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device.
macOS
CVE-2024-44219 Apr 02, 2026
macOS Sequoia 15.x Permissions Bypass: Root Apps Read Private Data A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information.
macOS
CVE-2025-43202 Apr 02, 2026
Apple iOS 18.6+ Mem Corruption via File Processing (CVE-2025-43202) This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption.
iOS
iPadOS
macOS
And others...
CVE-2025-43238 Apr 02, 2026
int overflow in macOS may cause termination (fixed 13.7.7/14.7.7/15.6) An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.
macOS
CVE-2025-43219 Apr 02, 2026
macOS Sequoia 15.6 Memory Corruption via Malicious Image The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory.
macOS
CVE-2026-28864 Mar 25, 2026
Apple Keychain Local Access via Permission Bypass (iOS 18.7.7, macOS 15.7.5) This issue was addressed with improved permissions checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A local attacker may gain access to user's Keychain items.
iOS
iPadOS
macOS
And others...
CVE-2026-20691 Mar 25, 2026
Apple Safari/OS 26.4: State Mgmt Auth Flaw Allows User Fingerprinting An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user.
iOS
iPadOS
macOS
And others...
CVE-2026-28825 Mar 25, 2026
macOS Out-of-Bounds Write Allowing File System Modification (Fixed in Sequoia 15.7.5) An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system.
macOS
Macos Sonoma
CVE-2026-28833 Mar 25, 2026
Apple OS 26.4 App Enumeration Permissions Issue A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps.
iOS
iPadOS
macOS
And others...
CVE-2026-20687 Mar 25, 2026
Apple OS (iOS/macOS) use-after-free CVE-2026-20687 (pre 18.7.7) A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or write kernel memory.
iOS
iPadOS
macOS
And others...
CVE-2026-20668 Mar 25, 2026
Apple OS Log Data Leakage Fix 18.7.7/26.3 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access sensitive user data.
iOS
iPadOS
macOS
And others...
CVE-2026-20701 Mar 25, 2026
macOS sandbox flaw allows network share access f. 15.7.5/14.8.5/26.4 An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to connect to a network share without user consent.
macOS
Macos Sonoma
CVE-2025-43534 Mar 25, 2026
iOS Activation Lock Bypass via Path Handling (pre-18.7.7/iPadOS 18.7.7) A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2. A user with physical access to an iOS device may be able to bypass Activation Lock.
iOS
iPadOS
Ios And Ipados
And others...
CVE-2026-28868 Mar 25, 2026
Apple iOS Kernel Memory Disclosure via Logging Redaction Flaw (before 18.7.7) A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to disclose kernel memory.
iOS
iPadOS
macOS
And others...
CVE-2026-20633 Mar 25, 2026
macOS Symlink Exploit Lets App Read Sensitive Data: Fixed 15.7.5/14.8.5/26.4 This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data.
macOS
Macos Sonoma
CVE-2026-28829 Mar 25, 2026
macOS perms flaw fixed in 15.7.5/14.8.5/26.4 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system.
macOS
Macos Sonoma
CVE-2026-20664 Mar 25, 2026
Apple Safari & OS 26.4 Crash due to Memory Handling Exploit The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-28852 Mar 25, 2026
Apple iOS/iPadOS Stack Overflow Fixed in 18.7.7 & 26.4 A stack overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause a denial-of-service.
iOS
iPadOS
macOS
And others...
CVE-2026-28891 Mar 25, 2026
macOS Sandbox Race Condition Exploit (fixed 15.7.5/14.8.5/26.4) A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox.
macOS
Macos Sonoma
CVE-2026-28844 Mar 25, 2026
macOS Tahoe <=26.3 File Access Flaw (CVE-2026-28844) A file access issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.4. An attacker may gain access to protected parts of the file system.
macOS
CVE-2026-28845 Mar 25, 2026
macOS Tahoe 26.4 Auth Bypass via State Mgt Fix An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access protected user data.
macOS
CVE-2026-28890 Mar 25, 2026
OOB read in Xcode before 26.4 compiler component An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause unexpected system termination.
Xcode
CVE-2026-20665 Mar 25, 2026
Apple Safari 26.3: CSP Bypass via State Management Flaw This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
iOS
iPadOS
macOS
And others...
CVE-2026-28828 Mar 25, 2026
Apple macOS Permission Bypass (fixed 15.7.5/14.8.5/26.4) A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.
macOS
Macos Sonoma
CVE-2026-20632 Mar 25, 2026
macOS 26.4 Directory Path Parsing Vulnerability A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.
macOS
CVE-2026-28886 Mar 25, 2026
Apple OS Null Pointer Deref Causing DoS Fixed in v18.7.7 & 26.4 A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A user in a privileged network position may be able to cause a denial-of-service.
iOS
iPadOS
macOS
And others...
CVE-2026-20686 Mar 25, 2026
iOS/iPadOS 26.2 Input Validation Bug Exposes Sensitive Data This issue was addressed with improved input validation. This issue is fixed in iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.
Ios And Ipados
CVE-2026-28824 Mar 25, 2026
macOS State Mgmt Auth Issue CVE-2026-28824 (Fixed: 15.7.5,14.8.5,26.4) An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.
macOS
Macos Sonoma
CVE-2026-28832 Mar 25, 2026
Apple macOS OOB Read - Fixed in Sequoia 15.7.5 / Sonoma 14.8.5 / Tahoe 26.4 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to disclose kernel memory.
macOS
Macos Sonoma
CVE-2026-20690 Mar 25, 2026
Apple OS Audio Stream OOB Bounds Check (fixed 18.7.7/15.7.5) An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing an audio stream in a maliciously crafted media file may terminate the process.
iOS
iPadOS
macOS
And others...
CVE-2026-28865 Mar 25, 2026
Apple OS Auth State Management Flaw (iOS 18.7.7, macOS 15.7.5-26.4) An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position may be able to intercept network traffic.
iOS
iPadOS
macOS
And others...
CVE-2026-28881 Mar 25, 2026
macOS Tahoe 26.4 Privacy Data Leak A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.
macOS
CVE-2026-28839 Mar 25, 2026
Apple macOS Data Access Vulnerability, Fixed in 15.7.5/14.8.5/26.4 The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.
macOS
Macos Sonoma
CVE-2026-28878 Mar 25, 2026
Apple iOS 18.7.7 - Sensitive Data Leak via App Enumeration Fix A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps.
iOS
iPadOS
macOS
And others...
CVE-2026-28842 Mar 25, 2026
macOS Tahoe 26.4: Buffer Overflow via Bounds Check Bug The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26.4. A buffer overflow may result in memory corruption and unexpected app termination.
macOS
CVE-2026-28862 Mar 25, 2026
macOS Privacy: Log Redaction Leak (Fixed 15.7.5/14.8.5/26.4) A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data.
macOS
Macos Sonoma
CVE-2026-20697 Mar 25, 2026
Apple macOS Permissions Leak Fix 15.7.5, 14.8.5, 26.4 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data.
macOS
Macos Sonoma
CVE-2026-28835 Mar 25, 2026
macOS SMB Mount Use-after-Free, fixed in 15.7.5/14.8.5 A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. Mounting a maliciously crafted SMB network share may lead to system termination.
macOS
Macos Sonoma
CVE-2026-28823 Mar 25, 2026
macOS Tahoe 26.2 Path Handling Bug Enables Root Apps to Delete Protected Files A path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.4. An app with root privileges may be able to delete protected system files.
macOS
CVE-2026-20639 Mar 25, 2026
Integer overflow in macOS input validation (15.7.5/14.8.5/26.3)heap corruption An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3. Processing a maliciously crafted string may lead to heap corruption.
macOS
Macos Sonoma
CVE-2026-28874 Mar 25, 2026
iOS 26.3 App Termination Vulnerability (CVE-2026-28874) The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote attacker may cause an unexpected app termination.
iOS
iPadOS
Ios And Ipados
And others...
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.