Vendor CVEs
Apple Inc.
All CVEs
8,451 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-28889 | 0.00 | — | 0.00 | Mar 25, 2026 | A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root. | |||
| CVE-2026-28893 | 0.00 | — | 0.00 | Mar 25, 2026 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.4. A document may be written to a temporary file when using print preview. | |||
| CVE-2026-20631 | 0.00 | — | 0.00 | Mar 25, 2026 | A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate privileges. | |||
| CVE-2026-20670 | 0.00 | — | 0.00 | Mar 25, 2026 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. | |||
| CVE-2026-20688 | 0.00 | — | 0.00 | Mar 25, 2026 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to break out of its sandbox. | |||
| CVE-2026-28892 | 0.00 | — | 0.00 | Mar 25, 2026 | A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system. | |||
| CVE-2026-28867 | 0.00 | — | 0.00 | Mar 25, 2026 | This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state. | |||
| CVE-2026-28888 | 0.00 | — | 0.00 | Mar 25, 2026 | A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to gain root privileges. | |||
| CVE-2026-20692 | 0.00 | — | 0.00 | Mar 25, 2026 | A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. "Hide IP Address" and "Block All Remote Content" may not apply to all mail content. | |||
| CVE-2026-28871 | 0.00 | — | 0.00 | Mar 25, 2026 | A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack. | |||
| CVE-2026-20651 | 0.00 | — | 0.00 | Mar 25, 2026 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. | |||
| CVE-2026-20643 | 0.00 | — | 0.00 | Mar 17, 2026 | A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4.… | |||
| CVE-2023-43010 | 0.00 | — | 0.01 | Mar 12, 2026 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption. | |||
| CVE-2026-20629 | 0.00 | — | 0.00 | Feb 11, 2026 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data. | |||
| CVE-2026-20648 | 0.00 | — | 0.00 | Feb 11, 2026 | A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices. | |||
| CVE-2026-20669 | 0.00 | — | 0.00 | Feb 11, 2026 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data. | |||
| CVE-2026-20674 | 0.00 | — | 0.00 | Feb 11, 2026 | A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information. | |||
| CVE-2026-20623 | 0.00 | — | 0.00 | Feb 11, 2026 | A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data. | |||
| CVE-2026-20662 | 0.00 | — | 0.00 | Feb 11, 2026 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An attacker with physical access to a locked device may be able to view sensitive user information. | |||
| CVE-2026-20619 | 0.00 | — | 0.00 | Feb 11, 2026 | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. | |||
| CVE-2026-20658 | 0.00 | — | 0.00 | Feb 11, 2026 | A package validation issue was addressed by blocking the vulnerable package. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges. | |||
| CVE-2026-20681 | 0.00 | — | 0.00 | Feb 11, 2026 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts. | |||
| CVE-2026-20642 | 0.00 | — | 0.00 | Feb 11, 2026 | An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. A person with physical access to an iOS device may be able to access photos from the lock screen. | |||
| CVE-2026-20603 | 0.00 | — | 0.00 | Feb 11, 2026 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26.3. An app with root privileges may be able to access private information. | |||
| CVE-2026-20638 | 0.00 | — | 0.00 | Feb 11, 2026 | A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions. | |||
| CVE-2026-20618 | 0.00 | — | 0.00 | Feb 11, 2026 | An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data. | |||
| CVE-2026-20601 | 0.00 | — | 0.00 | Feb 11, 2026 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission. | |||
| CVE-2026-20640 | 0.00 | — | 0.00 | Feb 11, 2026 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with… | |||
| CVE-2026-20682 | 0.00 | — | 0.00 | Feb 11, 2026 | A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker may be able to discover a user’s deleted notes. | |||
| CVE-2026-20646 | 0.00 | — | 0.00 | Feb 11, 2026 | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information. | |||
| CVE-2026-20666 | 0.00 | — | 0.00 | Feb 11, 2026 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data. | |||
| CVE-2026-20630 | 0.00 | — | 0.00 | Feb 11, 2026 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data. | |||
| CVE-2026-20610 | 0.00 | — | 0.00 | Feb 11, 2026 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges. | |||
| CVE-2026-20647 | 0.00 | — | 0.00 | Feb 11, 2026 | This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data. | |||
| CVE-2025-46306 | 0.00 | — | 0.00 | Jan 28, 2026 | The issue was addressed with improved bounds checks. This issue is fixed in Keynote 15.1, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing a maliciously crafted Keynote file may disclose memory contents. | |||
| CVE-2026-20613 | 0.00 | — | 0.00 | Jan 22, 2026 | The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location… | |||
| CVE-2025-31186 | 0.00 | — | 0.00 | Jan 16, 2026 | A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences. | |||
| CVE-2025-24090 | 0.00 | — | 0.00 | Jan 16, 2026 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps. | |||
| CVE-2025-43508 | 0.00 | — | 0.00 | Jan 16, 2026 | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. | |||
| CVE-2024-44210 | 0.00 | — | 0.00 | Jan 16, 2026 | This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data. | |||
| CVE-2025-24089 | 0.00 | — | 0.00 | Jan 16, 2026 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps. | |||
| CVE-2024-54556 | 0.00 | — | 0.00 | Jan 16, 2026 | This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen. | |||
| CVE-2025-46297 | 0.00 | — | 0.00 | Jan 9, 2026 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected files within an App Sandbox container. | |||
| CVE-2025-46286 | 0.00 | — | 0.00 | Jan 9, 2026 | A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment. | |||
| CVE-2025-43514 | 0.00 | — | 0.00 | Dec 17, 2025 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data. | |||
| CVE-2025-46281 | 0.00 | — | 0.00 | Dec 17, 2025 | A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox. | |||
| CVE-2025-46278 | 0.00 | — | 0.00 | Dec 17, 2025 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data. | |||
| CVE-2025-43535 | 0.00 | — | 0.01 | Dec 17, 2025 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. | |||
| CVE-2025-46291 | 0.00 | — | 0.00 | Dec 17, 2025 | A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may bypass Gatekeeper checks. | |||
| CVE-2025-43475 | 0.00 | — | 0.00 | Dec 17, 2025 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data. |
- CVE-2026-28889Mar 25, 2026risk 0.00cvss —epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root.
- CVE-2026-28893Mar 25, 2026risk 0.00cvss —epss 0.00
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.4. A document may be written to a temporary file when using print preview.
- CVE-2026-20631Mar 25, 2026risk 0.00cvss —epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate privileges.
- CVE-2026-20670Mar 25, 2026risk 0.00cvss —epss 0.00
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.
- CVE-2026-20688Mar 25, 2026risk 0.00cvss —epss 0.00
A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to break out of its sandbox.
- CVE-2026-28892Mar 25, 2026risk 0.00cvss —epss 0.00
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system.
- CVE-2026-28867Mar 25, 2026risk 0.00cvss —epss 0.00
This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state.
- CVE-2026-28888Mar 25, 2026risk 0.00cvss —epss 0.00
A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to gain root privileges.
- CVE-2026-20692Mar 25, 2026risk 0.00cvss —epss 0.00
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. "Hide IP Address" and "Block All Remote Content" may not apply to all mail content.
- CVE-2026-28871Mar 25, 2026risk 0.00cvss —epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack.
- CVE-2026-20651Mar 25, 2026risk 0.00cvss —epss 0.00
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.
- CVE-2026-20643Mar 17, 2026risk 0.00cvss —epss 0.00
A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4.…
- CVE-2023-43010Mar 12, 2026risk 0.00cvss —epss 0.01
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.
- CVE-2026-20629Feb 11, 2026risk 0.00cvss —epss 0.00
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.
- CVE-2026-20648Feb 11, 2026risk 0.00cvss —epss 0.00
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices.
- CVE-2026-20669Feb 11, 2026risk 0.00cvss —epss 0.00
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.
- CVE-2026-20674Feb 11, 2026risk 0.00cvss —epss 0.00
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.
- CVE-2026-20623Feb 11, 2026risk 0.00cvss —epss 0.00
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.
- CVE-2026-20662Feb 11, 2026risk 0.00cvss —epss 0.00
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.
- CVE-2026-20619Feb 11, 2026risk 0.00cvss —epss 0.00
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.
- CVE-2026-20658Feb 11, 2026risk 0.00cvss —epss 0.00
A package validation issue was addressed by blocking the vulnerable package. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.
- CVE-2026-20681Feb 11, 2026risk 0.00cvss —epss 0.00
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts.
- CVE-2026-20642Feb 11, 2026risk 0.00cvss —epss 0.00
An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. A person with physical access to an iOS device may be able to access photos from the lock screen.
- CVE-2026-20603Feb 11, 2026risk 0.00cvss —epss 0.00
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26.3. An app with root privileges may be able to access private information.
- CVE-2026-20638Feb 11, 2026risk 0.00cvss —epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions.
- CVE-2026-20618Feb 11, 2026risk 0.00cvss —epss 0.00
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.
- CVE-2026-20601Feb 11, 2026risk 0.00cvss —epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission.
- CVE-2026-20640Feb 11, 2026risk 0.00cvss —epss 0.00
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with…
- CVE-2026-20682Feb 11, 2026risk 0.00cvss —epss 0.00
A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker may be able to discover a user’s deleted notes.
- CVE-2026-20646Feb 11, 2026risk 0.00cvss —epss 0.00
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information.
- CVE-2026-20666Feb 11, 2026risk 0.00cvss —epss 0.00
An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.
- CVE-2026-20630Feb 11, 2026risk 0.00cvss —epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.
- CVE-2026-20610Feb 11, 2026risk 0.00cvss —epss 0.00
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.
- CVE-2026-20647Feb 11, 2026risk 0.00cvss —epss 0.00
This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.
- CVE-2025-46306Jan 28, 2026risk 0.00cvss —epss 0.00
The issue was addressed with improved bounds checks. This issue is fixed in Keynote 15.1, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing a maliciously crafted Keynote file may disclose memory contents.
- CVE-2026-20613Jan 22, 2026risk 0.00cvss —epss 0.00
The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location…
- CVE-2025-31186Jan 16, 2026risk 0.00cvss —epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences.
- CVE-2025-24090Jan 16, 2026risk 0.00cvss —epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.
- CVE-2025-43508Jan 16, 2026risk 0.00cvss —epss 0.00
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
- CVE-2024-44210Jan 16, 2026risk 0.00cvss —epss 0.00
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.
- CVE-2025-24089Jan 16, 2026risk 0.00cvss —epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.
- CVE-2024-54556Jan 16, 2026risk 0.00cvss —epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen.
- CVE-2025-46297Jan 9, 2026risk 0.00cvss —epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected files within an App Sandbox container.
- CVE-2025-46286Jan 9, 2026risk 0.00cvss —epss 0.00
A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment.
- CVE-2025-43514Dec 17, 2025risk 0.00cvss —epss 0.00
The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data.
- CVE-2025-46281Dec 17, 2025risk 0.00cvss —epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox.
- CVE-2025-46278Dec 17, 2025risk 0.00cvss —epss 0.00
The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data.
- CVE-2025-43535Dec 17, 2025risk 0.00cvss —epss 0.01
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2025-46291Dec 17, 2025risk 0.00cvss —epss 0.00
A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may bypass Gatekeeper checks.
- CVE-2025-43475Dec 17, 2025risk 0.00cvss —epss 0.00
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data.
Page 113 of 170