Apple Software and Device Maker
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Apple product.
RSS Feeds for Apple security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Apple products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Apple Sorted by Most Security Vulnerabilities since 2018
Recent Apple Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 126347 | iOS 18.7.5 and iPadOS 18.7.5 - Apple Security Content | February 11, 2026 |
| 126354 | Safari 26.3 - Apple Security Content | February 11, 2026 |
| 126353 | visionOS 26.3 - Apple Security Content | February 11, 2026 |
| 126351 | tvOS 26.3 - Apple Security Content | February 11, 2026 |
| 126348 | macOS Tahoe 26.3 - Apple Security Content | February 11, 2026 |
| 126350 | macOS Sonoma 14.8.4 - Apple Security Content | February 11, 2026 |
| 126352 | watchOS 26.3 - Apple Security Content | February 11, 2026 |
| 126349 | macOS Sequoia 15.7.4 - Apple Security Content | February 11, 2026 |
| 126346 | iOS 26.3 and iPadOS 26.3 - Apple Security Content | February 11, 2026 |
| 126255 | Pages 15.1 - Apple Security Content | January 28, 2026 |
Known Exploited Apple Vulnerabilities
The following Apple vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Apple Multiple products Use-After-Free Vulnerability |
Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption. CVE-2023-43000 Exploit Probability: 0.1% |
March 5, 2026 |
| Apple iOS and iPadOS Use-After-Free Vulnerability |
Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges. CVE-2023-41974 Exploit Probability: 0.7% |
March 5, 2026 |
| Apple Multiple Products Integer Overflow or Wraparound Vulnerability |
Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution. CVE-2021-30952 Exploit Probability: 1.9% |
March 5, 2026 |
| Apple Multiple Buffer Overflow Vulnerability |
Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code. CVE-2026-20700 Exploit Probability: 0.4% |
February 12, 2026 |
| Apple Multiple Products Use-After-Free WebKit Vulnerability |
Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. CVE-2025-43529 Exploit Probability: 0.1% |
December 15, 2025 |
| Apple Multiple Products Unspecified Vulnerability |
Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. CVE-2022-48503 Exploit Probability: 0.3% |
October 20, 2025 |
| Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability |
Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework. CVE-2025-43300 Exploit Probability: 0.7% |
August 21, 2025 |
| Apple Multiple Products Unspecified Vulnerability |
Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link. CVE-2025-43200 Exploit Probability: 0.4% |
June 16, 2025 |
| Apple Multiple Products Arbitrary Read and Write Vulnerability |
Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication. CVE-2025-31201 Exploit Probability: 3.8% |
April 17, 2025 |
| Apple Multiple Products Memory Corruption Vulnerability |
Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file. CVE-2025-31200 Exploit Probability: 1.7% |
April 17, 2025 |
| Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability |
Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. CVE-2025-24201 Exploit Probability: 0.1% |
March 13, 2025 |
| Apple iOS and iPadOS Incorrect Authorization Vulnerability |
Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device. CVE-2025-24200 Exploit Probability: 40.7% |
February 12, 2025 |
| Apple Multiple Products Use-After-Free Vulnerability |
Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges. CVE-2025-24085 Exploit Probability: 28.1% |
January 29, 2025 |
| Apple Multiple Products Code Execution Vulnerability |
Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution. CVE-2024-44308 Exploit Probability: 1.9% |
November 21, 2024 |
| Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability |
Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack. CVE-2024-44309 Exploit Probability: 1.2% |
November 21, 2024 |
| Apple iOS and iPadOS Memory Corruption Vulnerability |
Apple iOS and iPadOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. CVE-2024-23296 Exploit Probability: 0.1% |
March 6, 2024 |
| Apple iOS and iPadOS Memory Corruption Vulnerability |
Apple iOS and iPadOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. CVE-2024-23225 Exploit Probability: 0.1% |
March 6, 2024 |
| Apple Multiple Products Improper Authentication Vulnerability |
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an improper authentication vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication. CVE-2022-48618 Exploit Probability: 0.2% |
January 31, 2024 |
| Apple Multiple Products Type Confusion Vulnerability |
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. CVE-2024-23222 Exploit Probability: 0.3% |
January 23, 2024 |
| Apple Multiple Products Code Execution Vulnerability |
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file. CVE-2023-41990 Exploit Probability: 2.7% |
January 8, 2024 |
2 known exploited Apple vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest Apple Vulnerabilities
Based on the current exploit probability, these Apple vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2023-41064 | 85.4% | Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability |
| 2 | CVE-2016-4655 | 82.1% | Apple iOS Information Disclosure Vulnerability |
| 3 | CVE-2016-4657 | 78.4% | Apple iOS Webkit Memory Corruption Vulnerability |
| 4 | CVE-2021-30657 | 76.3% | Apple macOS Policy Subsystem Gatekeeper Bypass |
| 5 | CVE-2021-30860 | 72.9% | Apple iOS "FORCEDENTRY" Remote Code Execution Vulnerability |
| 6 | CVE-2023-32434 | 68.3% | Apple Multiple Products Integer Overflow Vulnerability |
| 7 | CVE-2016-4656 | 66.7% | Apple iOS Memory Corruption Vulnerability |
| 8 | CVE-2014-4404 | 62.0% | Apple OS X Heap-Based Buffer Overflow Vulnerability |
| 9 | CVE-2020-27930 | 47.2% | Apple iOS and macOS FontParser Remote Code Execution Vulnerability |
| 10 | CVE-2020-27950 | 44.3% | Apple iOS and macOS Kernel Memory Initialization Vulnerability |
By the Year
In 2026 there have been 89 vulnerabilities in Apple with an average score of 5.6 out of ten. Last year, in 2025 Apple had 746 security vulnerabilities published. Right now, Apple is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.95
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 89 | 5.57 |
| 2025 | 746 | 6.52 |
| 2024 | 628 | 6.27 |
| 2023 | 513 | 6.73 |
| 2022 | 464 | 7.06 |
| 2021 | 603 | 6.94 |
| 2020 | 502 | 6.91 |
| 2019 | 564 | 7.68 |
| 2018 | 223 | 7.35 |
It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-20629 | Feb 11, 2026 |
macOS Tahoe 26.3 Fix: Temp File Privacy LeakA privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data. |
macOS
|
| CVE-2026-20652 | Feb 11, 2026 |
Safari DoS via Improper Memory Handling (pre-26.3)The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote attacker may be able to cause a denial-of-service. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20644 | Feb 11, 2026 |
Apple Safari 26.3 WebKit crash via memory handling flawThe issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20605 | Feb 11, 2026 |
macOS Crash via Improper Memory Handling Fixed in Sequoia 15.7.4The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to crash a system process. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20625 | Feb 11, 2026 |
Apple macOS Sequoia 15.7.4: Directory Path Parsing IssueA parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to access sensitive user data. |
macOS
Macos Sonoma
visionOS
And others... |
| CVE-2026-20648 | Feb 11, 2026 |
macOS Tahoe 26.3: Notification Privacy Leak via iCloud Device AccessA privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices. |
macOS
|
| CVE-2026-20609 | Feb 11, 2026 |
Apple OS DoS via Malicious File Handling (fixed in 26.3, 14.8.4, 15.7.4, 18.7.5)The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20608 | Feb 11, 2026 |
Safari Crash via Malicious Web Content Fixed in 26.3This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20649 | Feb 11, 2026 |
Apple OS Logging Leak Fixed in 26.3A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.3, iOS 26.3 and iPadOS 26.3, tvOS 26.3, macOS Tahoe 26.3. A user may be able to view sensitive user information. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20624 | Feb 11, 2026 |
macOS injection flaw fixed in Sequoia 15.7.4, Tahoe 26.3, Sonoma 14.8.4An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to access sensitive user data. |
macOS
Macos Sonoma
|
| CVE-2026-20673 | Feb 11, 2026 |
Apple macOS/iOS Logic Issue Fixed 15.7.4/18.7.5/26.3/14.8.4A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. Turning off "Load remote content in messages may not apply to all mail previews. |
iOS
iPadOS
macOS
And others... |
| CVE-2025-46310 | Feb 11, 2026 |
macOS Sequoia 15.7.4 & Sonoma 14.8.4: Root Can Delete Protected FilesThis issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An attacker with root privileges may be able to delete protected system files. |
macOS
Macos Sonoma
|
| CVE-2026-20653 | Feb 11, 2026 |
Directory Path Parsing Issue - Apple OS (pre-26.3,14.8.4,15.7.4,18.7.5)A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20645 | Feb 11, 2026 |
CVE-2026-20645 UI State Flaw in iOS 26.3 & iPadOS 26.3 (Physical Access)An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker with physical access to a locked device may be able to view sensitive user information. |
iOS
iPadOS
Ios And Ipados
And others... |
| CVE-2026-20700 | Feb 11, 2026 |
Apple OS 26.3: Memory Corruption CVE-2026-20700 FixedA memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20612 | Feb 11, 2026 |
Apple macOS Privacy Leak: App Reading Sensitive Data (Fixed 15.7.4/14.8.4/26.3)A privacy issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to access sensitive user data. |
macOS
Macos Sonoma
|
| CVE-2026-20669 | Feb 11, 2026 |
macOS Tahoe <26.3 path validation flaw allows data leakageA parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data. |
macOS
|
| CVE-2026-20628 | Feb 11, 2026 |
Apple OS Sandbox Escape via Permission Issue before 15.7.4A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20674 | Feb 11, 2026 |
Apple iOS&iPadOS 26.3 Sensitive Data Leakage on Locked DevicesA privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information. |
iOS
iPadOS
Ios And Ipados
And others... |
| CVE-2026-20623 | Feb 11, 2026 |
macOS Tahoe 26.3: Permissions Bug-App Unauthorized AccessA permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data. |
macOS
|
| CVE-2026-20635 | Feb 11, 2026 |
Safari memory handling crash (CVE-2026-20635)The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20662 | Feb 11, 2026 |
Apple macOS Sequoia 15.7.4 & Tahoe 26.3 Auth Issue via Physical AccessAn authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An attacker with physical access to a locked device may be able to view sensitive user information. |
macOS
|
| CVE-2025-46301 | Feb 11, 2026 |
Apple macOS HID Bounds Check Crash (before 15.7.4)The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20619 | Feb 11, 2026 |
macOS Sequoia/Tahoe Logging Redaction Flaw fixed in 15.7.4 / 26.3A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. |
macOS
|
| CVE-2026-20658 | Feb 11, 2026 |
macOS Tahoe 26.3 RCE via Package Validation FlawA package validation issue was addressed by blocking the vulnerable package. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges. |
macOS
|
| CVE-2026-20678 | Feb 11, 2026 |
iOS/iPadOS Auth Issue Fixed in 26.3 & 18.7.5 Sensitive Data AccessAn authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to access sensitive user data. |
iOS
iPadOS
Ios And Ipados
And others... |
| CVE-2026-20681 | Feb 11, 2026 |
Privacy fix: improved data redaction in macOS Tahoe 26.3A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts. |
macOS
|
| CVE-2026-20615 | Feb 11, 2026 |
Root Priv Escalation via Path Handling in Apple iOS 26.3A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to gain root privileges. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20642 | Feb 11, 2026 |
Apple iOS 26.3 Fix: CVE-2026-20642 Allows Photos Access from Lock ScreenAn input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. A person with physical access to an iOS device may be able to access photos from the lock screen. |
iOS
iPadOS
Ios And Ipados
And others... |
| CVE-2026-20654 | Feb 11, 2026 |
Apple OS 26.3 Memory Handling Fix Prevents App-Induced System TerminationThe issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to cause unexpected system termination. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20603 | Feb 11, 2026 |
macOS 26.3: Sensitive Info Disclosure via Root App Redaction IssueThis issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26.3. An app with root privileges may be able to access private information. |
macOS
|
| CVE-2026-20602 | Feb 11, 2026 |
Apple macOS DoS via Cache Mishandling (fixed macOS 14.8.4/15.7.4/26.3)The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to cause a denial-of-service. |
macOS
Macos Sonoma
|
| CVE-2026-20614 | Feb 11, 2026 |
macOS Root Priv Escalation via Path Handle (14.8.3/15.7.3/26.2)A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to gain root privileges. |
macOS
Macos Sonoma
|
| CVE-2026-20655 | Feb 11, 2026 |
Apple iOS/iPadOS Auth Bug Allows Sensitive Info Leak on Physical AccessAn authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker with physical access to a locked device may be able to view sensitive user information. |
iOS
iPadOS
Ios And Ipados
And others... |
| CVE-2026-20680 | Feb 11, 2026 |
Apple macOS/iOS Sandbox Data Leak prior to 26.3/18.7.5The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. A sandboxed app may be able to access sensitive user data. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20638 | Feb 11, 2026 |
iOS/iPadOS 26.3 Live Caller ID App Ext. Info LeakA logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions. |
iOS
iPadOS
Ios And Ipados
And others... |
| CVE-2025-46290 | Feb 11, 2026 |
macOS Sequoia & Sonoma Remote DoS via Logic Issue Fixed in 15.7.4/14.8.4A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. A remote attacker may be able to cause a denial-of-service. |
macOS
Macos Sonoma
|
| CVE-2026-20618 | Feb 11, 2026 |
macOS Tahoe Temporary File Handling Flaw Exposes Sensitive Data (26.2)An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data. |
macOS
|
| CVE-2025-43417 | Feb 11, 2026 |
Apple macOS Sonoma path handling flaw pre-14.8.4A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. An app may be able to access user-sensitive data. |
macOS
Macos Sonoma
|
| CVE-2026-20663 | Feb 11, 2026 |
Apple iOS/iPadOS Installed-Apps Enumeration via Logging (fixed 26.3)The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to enumerate a user's installed apps. |
iOS
iPadOS
Ios And Ipados
And others... |
| CVE-2025-46300 | Feb 11, 2026 |
Apple HID Bound-Check Crash (macOS/iOS) before 15.7.4/18.7.5The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20634 | Feb 11, 2026 |
Apple OS Image Parser Memory Disclosure (before 18.7.5/26.3)The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20675 | Feb 11, 2026 |
Apple OS Image Disclosure Pre 26.3The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted image may lead to disclosure of user information. |
iOS
iPadOS
macOS
And others... |
| CVE-2025-46303 | Feb 11, 2026 |
Apple macOS/iOS HID bounds check flaw process crash (CVE-2025-46303)The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20621 | Feb 11, 2026 |
Apple macOS/iOS Kernel Mem Corrupt (pre-26.3/18.7.5)The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to cause unexpected system termination or corrupt kernel memory. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20660 | Feb 11, 2026 |
Apple macOS/iOS path handling flaw enabling arbitrary file write (pre-26.3)A path handling issue was addressed with improved logic. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote user may be able to write arbitrary files. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20676 | Feb 11, 2026 |
Safari Web Extension Tracking Flaw Fixed in 26.3This issue was addressed through improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20601 | Feb 11, 2026 |
Apple macOS Tahoe 26.3 Addresses Keystroke Monitoring Permissions IssueA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission. |
macOS
|
| CVE-2026-20656 | Feb 11, 2026 |
Apple iOS Safari History Leak before 18.7.5 (CVE202620656)A logic issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, Safari 26.3, macOS Tahoe 26.3. An app may be able to access a user's Safari history. |
iOS
iPadOS
macOS
And others... |
| CVE-2026-20640 | Feb 11, 2026 |
Apple iOS 26.3 iPhone Mirroring Screenshot Flaw (Physical Access)An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with Mac. |
iOS
iPadOS
Ios And Ipados
And others... |