Apple Mail on iOS, iPadOS, and macOS bypasses Lockdown Mode protections when replying to emails, allowing remote image loading that should be blocked. This information disclosure issue affects all supported Apple OS versions (iOS/iPadOS 18.x, macOS Sequoia 15.x, Sonoma 14.x, and Tahoe 26.x) prior to security updates released in early 2026. The vulnerability undermines a critical privacy protection for high-risk users, enabling email tracking and potential IP address disclosure despite Lockdown Mode activation. The EPSS score of 0.02% suggests minimal likelihood of automated exploitation, and no public exploit or CISA KEV listing has been identified, though the attack complexity is rated low (CVSS AC:L).
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, `normalizeForHash` in `src/agents/sandbox/config-hash.ts` recursively sorted arrays that contained only primitive values. [CVSS 3.3 LOW]