Apple Apple Software and Device Maker

  1. Vendors
  2. Apple

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Apple product.

RSS Feeds for Apple security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Apple products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Apple Sorted by Most Security Vulnerabilities since 2018

Apple macOS3673 vulnerabilities
Macintosh Operating System

Apple iOS2575 vulnerabilities
The iOS Operating System used by iPhones.

Apple iPadOS1901 vulnerabilities
Apple iPad Operating System

Apple watchOS1530 vulnerabilities
Apple Watch Operating System

Apple tvOS1530 vulnerabilities
Apple TV Operating System

Apple Ios And Ipados934 vulnerabilities

Apple Safari668 vulnerabilities

Apple iPadOS569 vulnerabilities
Apple iPad Operating System

Apple visionOS477 vulnerabilities

Apple iTunes247 vulnerabilities
Apple iTunes Software

Apple Macos Sonoma245 vulnerabilities

Apple iCloud207 vulnerabilities

Apple Xcode64 vulnerabilities

Apple Swift15 vulnerabilities

Apple Music11 vulnerabilities

Apple Garageband8 vulnerabilities

Apple Carplay2 vulnerabilities

Apple AirPods2 vulnerabilities
Apple AirPods Firmware and Hardware

Apple AirPlay2 vulnerabilities

Apple Macos Monterey1 vulnerability

Apple Macos Ventura1 vulnerability

Apple Magic Keyboard1 vulnerability

Apple Compressor1 vulnerability

Apple Securerom1 vulnerability

Apple Smart Card Services1 vulnerability

Apple App Store Connect1 vulnerability

Recent Apple Security Advisories

Advisory Title Published
127121 Safari 26.5 - Apple Security Content May 13, 2026
127112 iPadOS 17.7.11 - Apple Security Content May 11, 2026
127119 watchOS 26.5 - Apple Security Content May 11, 2026
127118 tvOS 26.5 - Apple Security Content May 11, 2026
127116 macOS Sequoia 15.7.7 - Apple Security Content May 11, 2026
127117 macOS Sonoma 14.8.7 - Apple Security Content May 11, 2026
127115 macOS Tahoe 26.5 - Apple Security Content May 11, 2026
127111 iOS 18.7.9 and iPadOS 18.7.9 - Apple Security Content May 11, 2026
127110 iOS 26.5 and iPadOS 26.5 - Apple Security Content May 11, 2026
127113 iOS 16.7.16 and iPadOS 16.7.16 - Apple Security Content May 11, 2026

Known Exploited Apple Vulnerabilities

The following Apple vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Apple Multiple Products Classic Buffer Overflow Vulnerability Apple watchOS, iOS, iPadOS, macOS, visionOS, tvOS, and iPadOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory.
CVE-2025-43520 Exploit Probability: 0.3% 		March 20, 2026
Apple Multiple Products Improper Locking Vulnerability Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes.
CVE-2025-43510 Exploit Probability: 0.3% 		March 20, 2026
Apple Multiple Products Buffer Overflow Vulnerability Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.
CVE-2025-31277 Exploit Probability: 0.2% 		March 20, 2026
Apple Multiple products Use-After-Free Vulnerability Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption.
CVE-2023-43000 Exploit Probability: 0.0% 		March 5, 2026
Apple iOS and iPadOS Use-After-Free Vulnerability Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-41974 Exploit Probability: 0.2% 		March 5, 2026
Apple Multiple Products Integer Overflow or Wraparound Vulnerability Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution.
CVE-2021-30952 Exploit Probability: 0.9% 		March 5, 2026
Apple Multiple Buffer Overflow Vulnerability Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2026-20700 Exploit Probability: 0.4% 		February 12, 2026
Apple Multiple Products Use-After-Free WebKit Vulnerability Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
CVE-2025-43529 Exploit Probability: 0.2% 		December 15, 2025
Apple Multiple Products Unspecified Vulnerability Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
CVE-2022-48503 Exploit Probability: 0.2% 		October 20, 2025
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
CVE-2025-43300 Exploit Probability: 4.5% 		August 21, 2025
Apple Multiple Products Unspecified Vulnerability Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.
CVE-2025-43200 Exploit Probability: 0.9% 		June 16, 2025
Apple Multiple Products Memory Corruption Vulnerability Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.
CVE-2025-31200 Exploit Probability: 2.1% 		April 17, 2025
Apple Multiple Products Arbitrary Read and Write Vulnerability Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.
CVE-2025-31201 Exploit Probability: 2.3% 		April 17, 2025
Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
CVE-2025-24201 Exploit Probability: 0.2% 		March 13, 2025
Apple iOS and iPadOS Incorrect Authorization Vulnerability Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.
CVE-2025-24200 Exploit Probability: 48.2% 		February 12, 2025
Apple Multiple Products Use-After-Free Vulnerability Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.
CVE-2025-24085 Exploit Probability: 15.9% 		January 29, 2025
Apple Multiple Products Code Execution Vulnerability Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.
CVE-2024-44308 Exploit Probability: 0.8% 		November 21, 2024
Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack.
CVE-2024-44309 Exploit Probability: 0.7% 		November 21, 2024
Apple iOS and iPadOS Memory Corruption Vulnerability Apple iOS and iPadOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
CVE-2024-23296 Exploit Probability: 0.3% 		March 6, 2024
Apple iOS and iPadOS Memory Corruption Vulnerability Apple iOS and iPadOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
CVE-2024-23225 Exploit Probability: 0.3% 		March 6, 2024

The vulnerability CVE-2025-24200: Apple iOS and iPadOS Incorrect Authorization Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

Top 10 Riskiest Apple Vulnerabilities

Based on the current exploit probability, these Apple vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2023-41064 85.4% Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
2 CVE-2021-30657 83.1% Apple macOS Policy Subsystem Gatekeeper Bypass
3 CVE-2016-4655 81.7% Apple iOS Information Disclosure Vulnerability
4 CVE-2016-4657 79.4% Apple iOS Webkit Memory Corruption Vulnerability
5 CVE-2021-30860 70.6% Apple iOS "FORCEDENTRY" Remote Code Execution Vulnerability
6 CVE-2016-4656 66.7% Apple iOS Memory Corruption Vulnerability
7 CVE-2014-4404 62.0% Apple OS X Heap-Based Buffer Overflow Vulnerability
8 CVE-2023-32434 52.8% Apple Multiple Products Integer Overflow Vulnerability
9 CVE-2025-24200 48.2% Apple iOS and iPadOS Incorrect Authorization Vulnerability
10 CVE-2020-27930 43.9% Apple iOS and macOS FontParser Remote Code Execution Vulnerability

By the Year

In 2026 there have been 288 vulnerabilities in Apple with an average score of 6.2 out of ten. Last year, in 2025 Apple had 756 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Apple in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.29




Year Vulnerabilities Average Score
2026 288 6.22
2025 756 6.51
2024 628 6.30
2023 513 6.73
2022 464 7.06
2021 603 6.94
2020 502 6.89
2019 564 7.68
2018 226 7.35

It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apple Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-46311 May 12, 2026
iOS/iPadOS UI State Flaw Exposes Sensitive Data (18.7.3/26.2+) An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data.
Ios And Ipados
CVE-2025-43524 May 12, 2026
macOS sandbox escape in older macOS version fixed 15.7.7/14.8.7/26.2 An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox.
macOS
Macos Sonoma
CVE-2026-28976 May 11, 2026
Info Leak & PrivEsc in macOS Tahoe 26.5 An information leakage was addressed with additional validation. This issue is fixed in macOS Tahoe 26.5. An app may be able to gain root privileges.
macOS
CVE-2026-28872 May 11, 2026
iOS/iPadOS resource exhaustion (CVE-2026-28872) fixed in 18.7.9/26.4 A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. A remote attacker may be able to cause a denial-of-service.
iOS
iPadOS
Ios And Ipados
And others...
CVE-2026-43653 May 11, 2026
Apple iOS/macOS/tvOS Local Network DoS via Memory Handling The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to cause a denial-of-service.
iOS
iPadOS
macOS
And others...
CVE-2026-28848 May 11, 2026
macOS buffer overflow causes system crash; fixed Sequoia 15.7.7/Tahoe 26.5 A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Tahoe 26.5. A remote attacker may be able to cause unexpected system termination.
macOS
CVE-2026-28983 May 11, 2026
Apple OS Type Confusion (CVE-2026-28983) Remote DoS (fixed iOS 18.7.9) A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause a denial of service.
iOS
iPadOS
macOS
And others...
CVE-2026-28995 May 11, 2026
Apple iOS 26.5/iPadOS 26.5 Sandbox Escape via Logic Error A logic issue was addressed with improved restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A malicious app may be able to break out of its sandbox.
iOS
iPadOS
macOS
And others...
CVE-2026-28940 May 11, 2026
Apple iOS/iPadOS Mem Corrupt from Malicious Image (fixed 18.7.9) The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing a maliciously crafted image may corrupt process memory.
iOS
iPadOS
macOS
And others...
CVE-2026-28917 May 11, 2026
Apple iOS Updated 18.7.9 Prevents Crash from Malicious Web Content The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-39869 May 11, 2026
Apple OS iOS 18.7.9 Crash via Malicious Audio Stream The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing an audio stream in a maliciously crafted media file may terminate the process.
iOS
iPadOS
macOS
And others...
CVE-2026-28901 May 11, 2026
Apple WebKit Memory Crash via Crafted Web Content - fixed in 26.5 The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-28956 May 11, 2026
Apple Media Codec Memory Corruption in iOS/macOS prior 26.5 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
iOS
iPadOS
macOS
And others...
CVE-2026-28957 May 11, 2026
Apple iOS/iPadOS Camera Metadata Leak Enables Capture (pre 18.7.9/26.5) An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen.
iOS
iPadOS
visionOS
And others...
CVE-2026-28941 May 11, 2026
Apple iOS/macOS File Parser DoS / Mem Disclosure (fixed iOS18.7.9, macOS15.7.7) The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Tahoe 26.5. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.
iOS
iPadOS
macOS
And others...
CVE-2026-28994 May 11, 2026
Apple WiFi Use-After-Free DoS fixed iOS 18.7.9 / macOS 15.7.7 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Wi-Fi packets.
iOS
iPadOS
macOS
And others...
CVE-2026-43668 May 11, 2026
Use-After-Free in Apple OS Kernels (iOS 18.7.9+, macOS 15.7.7+) A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
iOS
iPadOS
macOS
And others...
CVE-2026-43652 May 11, 2026
macOS Tahoe - Permissions Bypass in System Component (before 26.5) A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data.
macOS
CVE-2026-28936 May 11, 2026
Apple iOS/macOS File Processing Crash (CVE202628936) The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.
iOS
iPadOS
macOS
And others...
CVE-2026-28873 May 11, 2026
Apple iOS Privacy Report Logging Circumvention (Fixed in 18.7.9/26.4) This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging.
iOS
iPadOS
Ios And Ipados
And others...
CVE-2026-28961 May 11, 2026
CVE-2026-28961: macOS Tahoe 26.5 Physical Access Can Read Sensitive Data This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.5. An attacker with physical access to a locked device may be able to view sensitive user information.
macOS
CVE-2026-28977 May 11, 2026
iOS/macOS tvOS Bypass Bounds Check Crash - Fixed in 18.7.9, 26.5 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.
iOS
iPadOS
macOS
And others...
CVE-2026-28920 May 11, 2026
Apple Safari/WebKit Info Leak via Malicious Site Fixed iOS 26.5, macOS 15.7 An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Visiting a maliciously crafted website may leak sensitive data.
iOS
iPadOS
macOS
And others...
CVE-2026-28993 May 11, 2026
Apple iOS/iPadOS/macOS Data Leak via Consent Bypass (fixed 18.7.9) This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data.
iOS
iPadOS
macOS
And others...
CVE-2026-28985 May 11, 2026
Apple OS 26.5 Null Ptr Deref Local DoS A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to cause a denial-of-service.
iOS
iPadOS
macOS
And others...
CVE-2026-28897 May 11, 2026
Apple OS Kernel Buffer Overflow Fixed in iOS 18.7.9/Sequoia 15.7.7 A buffer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A local user may be able to cause unexpected system termination or read kernel memory.
iOS
iPadOS
macOS
And others...
CVE-2026-43659 May 11, 2026
Apple OS iOS/macOS 26.5 Race Condition permitting sensitive data access A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data.
iOS
iPadOS
macOS
And others...
CVE-2026-28946 May 11, 2026
UAF in Safari WebKit on macOS before 26.5 (fixed 26.5) A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
macOS
Safari
CVE-2026-28907 May 11, 2026
CSP bypass in Apple OS 26.5 (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
iOS
iPadOS
macOS
And others...
CVE-2026-43655 May 11, 2026
Apple OS Out-of-Bounds Read (Fixed in 26.5) An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or read kernel memory.
iOS
iPadOS
macOS
And others...
CVE-2026-28819 May 11, 2026
Apple macOS/iOS kernel OOBW fixed in 18.7.9 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges.
iOS
iPadOS
macOS
And others...
CVE-2026-43654 May 11, 2026
Apple OS Kernel Mem Disclosure via App (fixed iOS 18.7.9+; macOS 15.7.7+) The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to disclose kernel memory.
iOS
iPadOS
macOS
And others...
CVE-2026-28930 May 11, 2026
Apple macOS Tahoe 26.5 permission issue: app may access protected user data A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data.
macOS
CVE-2026-28967 May 11, 2026
iOS/iPadOS DoS via Privileged Network Input Validation (Fixed 18.7.7/26.4) A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4. An attacker in a privileged network position may be able to cause a denial-of-service.
Ios And Ipados
CVE-2026-28988 May 11, 2026
Apple OS 26.5+ Permissions Flaw Allows Privacy Preference Bypass A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Privacy preferences.
iOS
iPadOS
macOS
And others...
CVE-2026-28971 May 11, 2026
Apple iOS/macOS iPadOS visionOS iframe download settings flaw before 26.5 The issue was addressed with improved UI handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious iframe may use another websites download settings.
iOS
iPadOS
macOS
And others...
CVE-2026-20696 May 11, 2026
Authorization Bypass in macOS Tahoe 26.4 Allows App to Access Sensitive Data An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.
macOS
CVE-2026-28951 May 11, 2026
Apple OS: Root Priv Escal via State Mismanage (fixed iOS 18.7.9, macOS 14.8.7) An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges.
iOS
iPadOS
macOS
And others...
CVE-2026-28906 May 11, 2026
Apple OS IP Tracking via State Mgmt v<18.7.9/26.5 CVE-2026-28906 This issue was addressed through improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An attacker may be able to track users through their IP address.
iOS
iPadOS
macOS
And others...
CVE-2026-28910 May 11, 2026
macOS Tahoe 26.4: Arbitrary File Access CVE-2026-28910 This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to access arbitrary files.
macOS
CVE-2026-28947 May 11, 2026
Apple Safari: UAF Crash Vulnerability Fixed in 26.5 A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
iOS
iPadOS
macOS
And others...
CVE-2026-28992 May 11, 2026
Apple OS memory corruption (fixed iOS 18.7.9, macOS 15.7.7) A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker may be able to cause unexpected app termination.
iOS
iPadOS
macOS
And others...
CVE-2026-43658 May 11, 2026
Apple Safari 26.5 Crash via Malicious Web Content The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
iOS
iPadOS
macOS
And others...
CVE-2026-28952 May 11, 2026
Apple iOS Integer Overflow (pre-18.7.9: possible crash) An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to cause unexpected system termination.
iOS
iPadOS
macOS
And others...
CVE-2026-28905 May 11, 2026
WebKit Crash via WebContent (iOS/iPadOS <26.5, macOS/tvOS/visionOS <26.5) The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-28840 May 11, 2026
macOS Root Priv Escalation via Permission Bypass (fixed 15.7.7, 14.8.7, 26.4) A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.4. An app may be able to gain root privileges.
macOS
Macos Sonoma
CVE-2026-43661 May 11, 2026
Apple iOS 26.5 Buffer Overflow via Malicious Image Processing A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory.
iOS
iPadOS
macOS
And others...
CVE-2026-28913 May 11, 2026
Apple OS 26.5: Unexpected Process Crash via Malicious Web Content (Fix) The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-28944 May 11, 2026
Apple OS 26.5 Memory Handling Crash on Malicious Web Content The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
iOS
iPadOS
macOS
And others...
CVE-2026-28987 May 11, 2026
Apple OS Logging Leak (kernel state) pre iOS 18.7.9 / macOS 14.8.7 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to leak sensitive kernel state.
iOS
iPadOS
macOS
And others...
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.