Apple Apple Software and Device Maker

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Apple product.

RSS Feeds for Apple security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Apple products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Apple Sorted by Most Security Vulnerabilities since 2018

Apple macOS3731 vulnerabilities
Macintosh Operating System

Apple iOS2612 vulnerabilities
The iOS Operating System used by iPhones.

Apple iPadOS1938 vulnerabilities
Apple iPad Operating System

Apple watchOS1530 vulnerabilities
Apple Watch Operating System

Apple tvOS1530 vulnerabilities
Apple TV Operating System

Apple Ios And Ipados972 vulnerabilities

Apple Safari699 vulnerabilities

Apple iPadOS569 vulnerabilities
Apple iPad Operating System

Apple visionOS477 vulnerabilities

Apple iTunes247 vulnerabilities
Apple iTunes Software

Apple Macos Sonoma245 vulnerabilities

Apple iCloud207 vulnerabilities

Apple Xcode64 vulnerabilities

Apple Swift16 vulnerabilities

Apple Music11 vulnerabilities

Apple Garageband8 vulnerabilities

Apple Carplay2 vulnerabilities

Apple AirPods2 vulnerabilities
Apple AirPods Firmware and Hardware

Apple AirPlay2 vulnerabilities

Apple Macos Monterey1 vulnerability

Apple Macos Ventura1 vulnerability

Apple Magic Keyboard1 vulnerability

Apple Compressor1 vulnerability

Apple Securerom1 vulnerability

Apple Smart Card Services1 vulnerability

Apple App Store Connect1 vulnerability

Recent Apple Security Advisories

Advisory Title Published
127594 iOS 26.5.2 and iPadOS 26.5.2 - Apple Security Content June 29, 2026
127595 macOS Tahoe 26.5.2 - Apple Security Content June 29, 2026
127685 Safari 26.5.2 - Apple Security Content June 29, 2026
127557 Beats Firmware Update 1B211 - Apple Security Content June 16, 2026
127121 Safari 26.5 - Apple Security Content May 13, 2026
127112 iPadOS 17.7.11 - Apple Security Content May 11, 2026
127116 macOS Sequoia 15.7.7 - Apple Security Content May 11, 2026
127117 macOS Sonoma 14.8.7 - Apple Security Content May 11, 2026
127115 macOS Tahoe 26.5 - Apple Security Content May 11, 2026
127111 iOS 18.7.9 and iPadOS 18.7.9 - Apple Security Content May 11, 2026

Known Exploited Apple Vulnerabilities

The following Apple vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Apple Multiple Products Classic Buffer Overflow Vulnerability Apple watchOS, iOS, iPadOS, macOS, visionOS, tvOS, and iPadOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory.
CVE-2025-43520 Exploit Probability: 0.4%
March 20, 2026
Apple Multiple Products Improper Locking Vulnerability Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes.
CVE-2025-43510 Exploit Probability: 0.3%
March 20, 2026
Apple Multiple Products Buffer Overflow Vulnerability Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.
CVE-2025-31277 Exploit Probability: 1.5%
March 20, 2026
Apple Multiple products Use-After-Free Vulnerability Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption.
CVE-2023-43000 Exploit Probability: 4.0%
March 5, 2026
Apple iOS and iPadOS Use-After-Free Vulnerability Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-41974 Exploit Probability: 1.4%
March 5, 2026
Apple Multiple Products Integer Overflow or Wraparound Vulnerability Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution.
CVE-2021-30952 Exploit Probability: 7.6%
March 5, 2026
Apple Multiple Buffer Overflow Vulnerability Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2026-20700 Exploit Probability: 1.3%
February 12, 2026
Apple Multiple Products Use-After-Free WebKit Vulnerability Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
CVE-2025-43529 Exploit Probability: 8.4%
December 15, 2025
Apple Multiple Products Unspecified Vulnerability Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
CVE-2022-48503 Exploit Probability: 3.2%
October 20, 2025
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
CVE-2025-43300 Exploit Probability: 20.0%
August 21, 2025
Apple Multiple Products Unspecified Vulnerability Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.
CVE-2025-43200 Exploit Probability: 1.0%
June 16, 2025
Apple Multiple Products Memory Corruption Vulnerability Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.
CVE-2025-31200 Exploit Probability: 21.3%
April 17, 2025
Apple Multiple Products Arbitrary Read and Write Vulnerability Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.
CVE-2025-31201 Exploit Probability: 12.4%
April 17, 2025
Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
CVE-2025-24201 Exploit Probability: 4.2%
March 13, 2025
Apple iOS and iPadOS Incorrect Authorization Vulnerability Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.
CVE-2025-24200 Exploit Probability: 4.9%
February 12, 2025
Apple Multiple Products Use-After-Free Vulnerability Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.
CVE-2025-24085 Exploit Probability: 18.7%
January 29, 2025
Apple Multiple Products Code Execution Vulnerability Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.
CVE-2024-44308 Exploit Probability: 9.2%
November 21, 2024
Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack.
CVE-2024-44309 Exploit Probability: 21.0%
November 21, 2024
Apple iOS and iPadOS Memory Corruption Vulnerability Apple iOS and iPadOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
CVE-2024-23296 Exploit Probability: 1.4%
March 6, 2024
Apple iOS and iPadOS Memory Corruption Vulnerability Apple iOS and iPadOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
CVE-2024-23225 Exploit Probability: 1.5%
March 6, 2024

5 known exploited Apple vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Apple Vulnerabilities

Based on the current exploit probability, these Apple vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2021-30860 76.0% Apple iOS "FORCEDENTRY" Remote Code Execution Vulnerability
2 CVE-2021-30657 68.5% Apple macOS Policy Subsystem Gatekeeper Bypass
3 CVE-2016-4657 66.8% Apple iOS Webkit Memory Corruption Vulnerability
4 CVE-2023-32434 51.5% Apple Multiple Products Integer Overflow Vulnerability
5 CVE-2014-4404 49.0% Apple OS X Heap-Based Buffer Overflow Vulnerability
6 CVE-2016-4655 33.4% Apple iOS Information Disclosure Vulnerability
7 CVE-2023-41993 29.2% Apple Multiple Products WebKit Code Execution Vulnerability
8 CVE-2021-30807 28.8% Apple iOS and macOS Memory Corruption Vulnerability
9 CVE-2023-28205 27.1% Apple Multiple Products WebKit Use-After-Free Vulnerability
10 CVE-2023-28206 24.5% Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability

By the Year

In 2026 there have been 348 vulnerabilities in Apple with an average score of 6.4 out of ten. Last year, in 2025 Apple had 757 security vulnerabilities published. Right now, Apple is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.13




Year Vulnerabilities Average Score
2026 348 6.41
2025 757 6.54
2024 628 6.30
2023 513 6.71
2022 464 7.06
2021 603 6.94
2020 502 6.89
2019 564 7.67
2018 226 7.33

It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apple Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-43700 Jun 29, 2026
Apple Safari 26.5.1 Cross-Origin Info Leak A cross-origin issue was addressed with improved tracking of security origins. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information.
iOS
iPadOS
macOS
And others...
CVE-2026-43716 Jun 29, 2026
Safari 26.5.2 Crash via Malicious Web Content, Fixed The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43720 Jun 29, 2026
Safari use-after-free CVE-2026-43720 fixed in Safari 26.5.2 A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
iOS
iPadOS
macOS
And others...
CVE-2026-39868 Jun 29, 2026
Kernel Mem Corruption via Input Validation in Apple iOS/iPadOS/macOS 26.5.2 - Fixed This issue was addressed with improved input validation. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or corrupt kernel memory.
iOS
iPadOS
macOS
And others...
CVE-2026-43721 Jun 29, 2026
Clipboard Hijack in Safari 26.5.2 (iOS/macOS) This issue was addressed through improved state management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to silently hijack clipboard data.
iOS
iPadOS
macOS
And others...
CVE-2026-39872 Jun 29, 2026
Apple Safari 26.5.2: Memory Handling Crash with Malicious Web Content The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43717 Jun 29, 2026
Apple Safari 26.5.2 UAF Crash via Malformed Web Content A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43740 Jun 29, 2026
Apple Safari 26.5.2 Memory Disclosure via Malicious Web Content The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may result in the disclosure of process memory.
iOS
iPadOS
macOS
And others...
CVE-2026-43701 Jun 29, 2026
Apple Safari/iOS Sandbox Bypass via Malicious Site (fixed in 26.5.2) The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox.
iOS
iPadOS
macOS
And others...
CVE-2026-43663 Jun 29, 2026
Safari Mem Corruption Crash <26.5.2 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43726 Jun 29, 2026
Use-After-Free in Safari 26.5.2 Causing Crash A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43706 Jun 29, 2026
Apple iOS/iPadOS/macOS double free bug in web content 26.5.2 A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43746 Jun 29, 2026
Apple Safari 26.5.2 Use-After-Free Crash A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43707 Jun 29, 2026
Safari 26.5.2 Memory Corruption Fix: Crash from Malicious Web Content A memory corruption issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43727 Jun 29, 2026
Use-After-Free Crash in Safari, iOS/iPadOS/macOS, Fixed in 26.5.2 A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43731 Jun 29, 2026
Apple Safari <26.5.2: UAF in Web Content (fixed v26.5.2) A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption.
iOS
iPadOS
macOS
And others...
CVE-2026-43724 Jun 29, 2026
Kernel memory write in Apple OS 26.5.2 (iOS, iPadOS, macOS) The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or write kernel memory.
iOS
iPadOS
macOS
And others...
CVE-2026-43732 Jun 29, 2026
Safari Path Handling Disclosure Vulnerability Fixed 26.5.2 A path handling issue was addressed with improved validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information.
iOS
iPadOS
macOS
And others...
CVE-2026-43708 Jun 29, 2026
CVE-2026-43708 Safari <26.5.2 cross-origin data exfiltration The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin.
iOS
iPadOS
macOS
And others...
CVE-2026-43712 Jun 29, 2026
Apple Safari Crash via Malicious Web Content, Fixed in 26.5.2 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43745 Jun 29, 2026
Out-of-Bounds Write Leading to Safari Crash (pre-26.5.2) An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43704 Jun 29, 2026
Apple Safari 26.5.2 Use-After-Free in Web Extension Causing Crash A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious web extension may be able to cause an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43705 Jun 29, 2026
Safari & iOS Type Confusion Memory Corruption Fixed in 26.5.2 A type confusion issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption.
iOS
iPadOS
macOS
And others...
CVE-2026-43713 Jun 29, 2026
Safari/iOS/iPadOS Permissions Leak, fixed in 26.5.2 A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Visiting a website may leak sensitive data.
iOS
iPadOS
macOS
And others...
CVE-2026-43709 Jun 29, 2026
Safari UAF Crash Fixed in 26.5.2 A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43699 Jun 29, 2026
Apple Safari UAF in 26.5.2: Crash via Malicious Web Content A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43676 Jun 29, 2026
Safari OOB Crash (v26.5.2) Boundscheck Fix An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43725 Jun 29, 2026
Apple Safari 26.5.2: Sandbox Escape via Input Validation The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox.
iOS
iPadOS
macOS
And others...
CVE-2026-43743 Jun 29, 2026
Race Condition in Apple OS (iOS 26.5.2/iPadOS 26.5.2/macOS Tahoe) Crash A race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination.
iOS
iPadOS
macOS
And others...
CVE-2026-43722 Jun 29, 2026
Kernel State Leak from Improper Sanitization in Apple iOS/macOS 26.5.2 The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to leak sensitive kernel state.
iOS
iPadOS
macOS
And others...
CVE-2026-43718 Jun 29, 2026
Apple Safari stack overflow via malformed web content (pre-26.5.2) A stack overflow was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43734 Jun 29, 2026
Safari UA-FREE CVE-2026-43734 fixed in 26.5.2 A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-28979 Jun 29, 2026
Apple Safari/iOS/iPadOS/macOS Tahoe OOB Access (Fixed 26.5.2) An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43735 Jun 29, 2026
Apple Safari Cross-Origin Data Exfil - Fixed in 26.5.2 The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin.
iOS
iPadOS
macOS
And others...
CVE-2026-43703 Jun 29, 2026
Apple WebKit <=26.5.2 Crash via Malformed Web Content The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43742 Jun 29, 2026
Safari UAF vulnerability; fixed in Safari 26.5.2 A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-43715 Jun 29, 2026
Use-After-Free in Apple Safari <26.5.2 (memory corruption) A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption.
iOS
iPadOS
macOS
And others...
CVE-2026-28898 Jun 25, 2026
swift-nio-http2 1.44.1 Secures H2-H1 Codec Pseudo-Header Checks swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values (:path, :authority, :scheme, :method, and :status) at both the HPACK header validation layer and the HTTP/2-to-HTTP/1.1 translation layer. Requests or responses containing CR, LF, or NUL bytes in any pseudo-header value are now rejected with a connection error. This issue is fixed in swift-nio-http2 1.44.1.
Swift
CVE-2025-30431 Jun 11, 2026
macOS Sequoia/SON+ Ventura Priv Esc via Improper Access Check The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information.
macOS
CVE-2025-24268 Jun 11, 2026
macOS Sequoia 15.4: Path Validation Vulnerability in Directory Handling A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
macOS
CVE-2025-43339 Jun 11, 2026
macOS Tahoe 26.0 Sandbox Access Issue (CVE-2025-43339) An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data.
macOS
CVE-2025-46293 Jun 11, 2026
macOS Sequoia 15.4 Symlink Access Control Bypass (CVE-2025-46293) This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
macOS
CVE-2025-46315 Jun 11, 2026
macOS Tahoe 26.1: Fixed Permissions Issue Accessing Protected Data A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.
macOS
CVE-2025-30459 Jun 11, 2026
Privacy Issue in macOS Sequoia 15.4 (CVE202530459) A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
macOS
CVE-2025-31272 Jun 11, 2026
macOS Sequoia 15.4 Launch Constraint Bypass Elevated Privilege The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges.
macOS
CVE-2025-24284 Jun 11, 2026
macOS Sequoia 15.4: Sandbox Escape Vulnerability (CVE-2025-24284) This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox.
macOS
CVE-2025-24165 Jun 11, 2026
macOS Permission Flaw May Cause System Termination (Fixed 15.4/14.7.5/13.7.5) A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.
macOS
CVE-2025-43278 Jun 11, 2026
macOS <15.4 Symlink Bypass Access to Protected Data This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
macOS
CVE-2025-46313 Jun 11, 2026
macOS 26.1 Vulnerable Logging Redaction Exposes User Data A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
macOS
CVE-2025-46308 Jun 11, 2026
AuthZ Leak via State Mgmt in iOS/iPadOS/macOS (pre-18.4/15.4) An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information.
Ios And Ipados
macOS
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.