Skip to main content

Apple

8071 CVEs vendor

Monthly

CVE-2026-20083 MEDIUM This Month

Improper validation of malformed SCP requests in Cisco IOS XE Software allows authenticated local attackers to trigger unexpected device reloads and cause service disruption. An attacker with low privileges can exploit this vulnerability by sending a crafted SSH command to the SCP server component. No patch is currently available for this denial of service vulnerability.

Cisco Denial Of Service Apple
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20110 MEDIUM This Month

Insufficient privilege validation on the start maintenance command in Cisco IOS XE Software enables authenticated local attackers to trigger a denial of service by placing devices into maintenance mode, which disables network interfaces. Low-privileged users can exploit this via CLI access without administrative credentials. Device recovery requires administrator intervention using the stop maintenance command.

Cisco Denial Of Service Apple
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20104 MEDIUM This Month

This vulnerability in Cisco IOS XE Software bootloader affects Catalyst 9200, ESS9300, IE9310/9320, and IE3500/3505 series switches, allowing authenticated local attackers with level-15 privileges or unauthenticated attackers with physical access to execute arbitrary code at boot time and bypass the chain of trust. An attacker can manipulate loaded binaries to circumvent integrity checks during boot, enabling execution of non-Cisco-signed images. While the CVSS score is 6.1 (Medium), Cisco assigned it a High Security Impact Rating due to the critical nature of breaking the secure boot mechanism, a foundational security control.

Cisco RCE Apple
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-20004 HIGH This Week

Memory exhaustion in Cisco IOS XE and Apple devices via improper TLS resource handling allows adjacent attackers to trigger denial of service by repeatedly initiating failed authentication or manipulating TLS connections. An unauthenticated attacker can exploit this by resetting TLS sessions or abusing EAP authentication mechanisms to deplete device memory without requiring network access from the internet. Successful exploitation renders affected devices unresponsive, with no patch currently available.

Cisco Denial Of Service Apple
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-20125 HIGH This Week

HTTP Server input validation failures in Cisco IOS and IOS XE Release 3E enable authenticated remote attackers to trigger device reloads via malformed requests, causing denial of service. An attacker with valid credentials can exploit improper input handling to exhaust watchdog timers and force unexpected system restarts. No patch is currently available for this vulnerability affecting Cisco and Apple products.

Denial Of Service Apple Cisco
NVD VulDB
CVSS 3.1
7.7
EPSS
0.1%
CVE-2026-20012 HIGH This Week

A denial of service vulnerability in the Internet Key Exchange (CVSS 8.6). High severity vulnerability requiring prompt remediation.

Cisco Denial Of Service Microsoft Apple
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-20086 HIGH This Week

This is a denial of service vulnerability in Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family caused by improper handling of malformed CAPWAP (Control and Provisioning of Wireless Access Points) packets. The vulnerability affects multiple versions of Cisco IOS XE Software in the 17.14.x through 17.18.x release trains. An unauthenticated remote attacker can exploit this to cause the wireless controller to reload unexpectedly, resulting in complete network disruption with a high severity CVSS score of 8.6.

Cisco Denial Of Service Apple
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-20084 HIGH This Week

Improper BOOTP packet handling in Cisco IOS XE Software on Catalyst 9000 Series Switches allows unauthenticated remote attackers to trigger VLAN leakage and cause device unavailability through resource exhaustion. An attacker can send crafted BOOTP requests to forward packets across VLANs, leading to high CPU utilization that renders the switch unreachable and unable to process traffic. No patch is currently available for this denial-of-service vulnerability.

Cisco Denial Of Service Apple
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-23323 HIGH PATCH This Week

The Apple Silicon SMC hwmon driver (macsmc-hwmon) in the Linux kernel contains critical memory safety bugs in sensor population and float conversion logic. Specifically, voltage sensors are incorrectly registered to the temperature sensor array, and float-to-32-bit conversion has flawed exponent handling, potentially leading to out-of-bounds memory access, data corruption, or incorrect fan control on affected Apple Silicon systems. The vulnerability affects Linux kernel versions with the macsmc-hwmon driver and has been patched; no active exploitation or POC is currently known, but the nature of the bugs suggests high real-world risk for systems relying on thermal management.

Linux Memory Corruption Apple Buffer Overflow Red Hat
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-28864 LOW PATCH Monitor

A local privilege escalation vulnerability in Apple's Keychain implementation allows an attacker with local access to bypass permissions checking and retrieve sensitive stored credentials and secrets. The vulnerability affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, macOS Tahoe 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. No public exploitation has been confirmed, and patched versions are now available across all affected platforms.

Apple Authentication Bypass macOS iOS
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-20691 MEDIUM PATCH This Month

An authorization and state management flaw in Apple's WebKit browser engine allows maliciously crafted webpages to fingerprint users by exploiting improper state handling during web interactions. This vulnerability affects Safari 26.4, iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, and watchOS 26.4 across all Apple platforms. An attacker can exploit this by hosting a specially crafted webpage that leverages the state management weakness to extract browser or device identifiers without user knowledge, enabling user tracking and profiling attacks. No CVSS score, EPSS data, or public proof-of-concept details are currently available, though Apple has released fixes across all affected platforms.

Apple Information Disclosure Safari macOS iOS +2
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28833 MEDIUM PATCH This Month

A permissions enforcement vulnerability in Apple's operating systems allows third-party applications to enumerate installed applications on a user's device without proper authorization. This information disclosure issue affects iOS, iPadOS, macOS, and visionOS versions prior to 26.4, enabling attackers to gain insight into a user's software ecosystem for profiling or targeting purposes. Apple has addressed this with additional access restrictions in the patched versions, though no CVSS score, EPSS data, or known active exploitation has been publicly disclosed.

Apple Authentication Bypass
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28825 HIGH PATCH This Week

Improper bounds checking in Apple macOS (Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, Tahoe 26.3 and earlier) permits a local attacker to write out-of-bounds memory through a malicious application, potentially allowing modification of protected filesystem areas. The vulnerability requires user interaction to execute the malicious app and affects the file system's integrity rather than confidentiality. No patch is currently available for this out-of-bounds write condition.

Apple Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-20668 MEDIUM PATCH This Month

A logging issue in Apple's operating systems allows improper data redaction in system logs, enabling installed applications to access sensitive user data that should have been masked. This vulnerability affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.3 and earlier, iPadOS 26.3 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, macOS Tahoe 26.3 and earlier, and visionOS 26.3 and earlier. An attacker with the ability to install or control an application on an affected device could exploit inadequate log data filtering to extract confidential user information that should be protected by the operating system's redaction mechanisms.

Apple Information Disclosure macOS iOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20687 HIGH PATCH This Week

Apple's iOS, iPadOS, macOS, tvOS, and watchOS contain a use-after-free vulnerability that could allow a local attacker to corrupt kernel memory or cause unexpected system crashes. An installed application can trigger this memory corruption flaw through user interaction, potentially leading to denial of service or unauthorized kernel-level modifications. No patch is currently available for this vulnerability (CVSS 7.1).

Apple Use After Free Memory Corruption Denial Of Service macOS +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-20701 HIGH PATCH This Week

An access control vulnerability in macOS allows applications to connect to network shares without explicit user consent, bypassing the sandbox restrictions designed to prevent unauthorized network access. This affects macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4, where a malicious or compromised application could silently establish connections to network resources. Apple has addressed this issue through additional sandbox restrictions in the specified patch versions; no public exploit code or active exploitation via KEV has been reported, but the nature of the vulnerability suggests moderate real-world risk due to the ease with which local applications could abuse this capability.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-43534 MEDIUM PATCH This Month

A path handling vulnerability in iOS and iPadOS allows users with physical access to an iOS device to bypass Activation Lock through improved validation gaps in path handling logic. This authentication bypass affects iOS versions prior to 18.7.7 and 26.2, as well as corresponding iPadOS releases. While no CVSS score or EPSS data is publicly available, the physical access requirement and authentication bypass nature indicate a meaningful risk to device security and stolen device protection.

Apple Authentication Bypass iOS
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-28868 MEDIUM PATCH This Month

A logging issue in Apple's operating systems allows improper data redaction, potentially enabling applications to disclose kernel memory contents. This information disclosure vulnerability affects iOS and iPadOS (versions prior to 18.7.7 and 26.4), macOS (Sequoia 15.7.5, Sonoma 14.8.5, Tahoe 26.4), visionOS 26.4, and watchOS 26.4. An untrusted application with standard execution privileges could exploit this to read sensitive kernel memory that should have been redacted from logs, potentially exposing cryptographic material, memory addresses useful for ASLR bypass, or other privileged information. No CVSS score, EPSS data, or public proof-of-concept has been disclosed at this time, and this does not appear on the CISA Known Exploited Vulnerabilities (KEV) catalog.

Apple Information Disclosure macOS iOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20633 MEDIUM PATCH This Month

This vulnerability involves improper handling of symbolic links (symlinks) in macOS, which could allow an application to access sensitive user data without proper authorization. The issue affects multiple macOS versions including Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4, representing an information disclosure vulnerability with potential impact on user privacy. Apple has released patches to address the symlink handling deficiency, though specific attack complexity and exploitation metrics are not publicly detailed.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-28829 MEDIUM PATCH This Month

A permissions enforcement vulnerability in macOS allows applications to modify protected portions of the file system that should be restricted from unauthorized access. This issue affects macOS Sequoia, Sonoma, and Tahoe across multiple versions prior to their patched releases (15.7.5, 14.8.5, and 26.4 respectively). An attacker controlling or tricking a user into running a malicious application could leverage this permissions bypass to modify system-critical files, potentially enabling privilege escalation, persistence mechanisms, or system compromise.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20664 MEDIUM PATCH This Month

Memory corruption in Apple Safari, iOS, iPadOS, macOS, and visionOS allows remote attackers to crash affected processes by delivering maliciously crafted web content to users. The vulnerability requires user interaction to view the malicious content and does not enable code execution or information disclosure. A patch is currently unavailable for this issue.

Apple Memory Corruption Buffer Overflow Ios And Ipados Visionos
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28891 HIGH PATCH This Week

Sandbox escape vulnerability in macOS (Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, Tahoe 26.3 and earlier) allows locally-installed applications to break out of their sandbox restrictions through a race condition. An attacker with the ability to run an application on an affected system could exploit this to gain unauthorized access outside the application's intended security boundaries. No patch is currently available for this HIGH severity vulnerability (CVSS 8.1).

Apple Race Condition Information Disclosure macOS
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-28852 MEDIUM PATCH This Month

Apple iOS, iPadOS, macOS, tvOS, visionOS, and watchOS are vulnerable to a stack overflow vulnerability that can be triggered by user interaction with a malicious app, potentially causing denial-of-service conditions. The vulnerability stems from insufficient input validation and affects multiple recent OS versions across Apple's product ecosystem. While no patch is currently available, users should exercise caution when installing apps from untrusted sources.

Apple Buffer Overflow macOS iOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-28844 MEDIUM PATCH This Month

A file access control vulnerability in macOS Tahoe allows attackers to bypass input validation mechanisms and gain unauthorized access to protected portions of the file system. The vulnerability affects macOS versions prior to Tahoe 26.4, and has been classified as an Information Disclosure issue by Apple. An attacker exploiting this vulnerability can read or access files and directories that should be restricted from their privilege level, potentially exposing sensitive user data, system configuration files, or other protected resources.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28845 MEDIUM PATCH This Month

An authorization flaw in macOS Tahoe allows applications to bypass access controls and retrieve protected user data due to improper state management during permission checks. Apple has addressed this vulnerability in macOS Tahoe 26.4, and all versions prior to 26.4 remain vulnerable. Affected users should prioritize upgrading to the patched version to prevent unauthorized data access by malicious or compromised applications.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20665 MEDIUM PATCH This Month

This vulnerability allows attackers to bypass Content Security Policy (CSP) enforcement in Apple's WebKit engine through maliciously crafted web content, affecting Safari and all Apple platforms including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability stems from improper state management during web content processing, enabling attackers to circumvent a critical security control that prevents injection attacks and unauthorized script execution. While no CVSS score or EPSS data is currently available, the broad platform impact across Apple's entire ecosystem and the fundamental nature of CSP bypass as an information disclosure vector indicate significant real-world risk.

Apple Information Disclosure Safari macOS iOS +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28828 MEDIUM PATCH This Month

A permissions enforcement vulnerability in macOS allows unauthorized applications to access sensitive user data due to insufficient access controls that have been remediated through code removal. The vulnerability affects macOS Sequoia (versions prior to 15.7.5), macOS Sonoma (versions prior to 14.8.5), and macOS Tahoe (versions prior to 26.4). An unprivileged application could potentially read or access protected user information without proper user consent or authorization, representing a confidentiality breach with moderate real-world impact depending on the specific data accessible.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-20632 MEDIUM PATCH This Month

Improper path validation in Apple macOS Tahoe allows unauthenticated remote attackers to read sensitive user data through directory path traversal. The vulnerability requires no user interaction and affects systems prior to macOS Tahoe 26.4. No patch is currently available for this medium-severity issue.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28886 MEDIUM PATCH This Month

Denial-of-service attacks against multiple Apple platforms (iOS, iPadOS, macOS, tvOS, visionOS, and watchOS) result from improper null pointer handling that allows attackers in privileged network positions to crash affected systems. An attacker exploiting this CWE-476 vulnerability can render devices unavailable without user interaction. No patch is currently available, requiring users to apply mitigations until updates are released.

Apple Null Pointer Dereference Denial Of Service macOS iOS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-20686 MEDIUM PATCH This Month

An input validation flaw in iOS and iPadOS allows malicious applications to bypass security controls and access sensitive user data without proper authorization. The vulnerability affects iOS and iPadOS versions prior to 26.3, where insufficient input validation in an unspecified component permits unauthorized data disclosure. Apple has patched this vulnerability in iOS 26.3 and iPadOS 26.3, and there are no public indicators of active exploitation or proof-of-concept availability.

Apple Information Disclosure iOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28824 MEDIUM PATCH This Month

An authorization bypass vulnerability in macOS allows applications to access sensitive user data through improper state management of access controls. The vulnerability affects macOS Sequoia (before 15.7.5), macOS Sonoma (before 14.8.5), and macOS Tahoe (before 26.4). While no CVSS score, EPSS data, or KEV status is currently published, Apple has released patches addressing this issue, indicating it was discovered through internal review rather than active exploitation.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28832 HIGH PATCH This Week

macOS versions prior to Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 contain an out-of-bounds read vulnerability that allows local applications to access and disclose sensitive kernel memory. An attacker with the ability to run code on an affected system can exploit this memory disclosure to obtain privileged information that may aid in further system compromise. No patch is currently available for this HIGH severity vulnerability.

Buffer Overflow Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-20690 MEDIUM PATCH This Month

Maliciously crafted media files containing out-of-bounds memory access in Apple's audio processing can crash affected applications across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. An attacker can trigger a denial of service by triggering the vulnerability through a specially crafted audio stream, though no patch is currently available. This impacts multiple recent OS versions where an out-of-bounds read occurs during media file processing.

Apple Buffer Overflow Information Disclosure macOS iOS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28865 HIGH PATCH This Week

Improper state management in Apple's authentication mechanisms across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows attackers positioned on a network to intercept and potentially manipulate encrypted traffic. An attacker with privileged network access can exploit this vulnerability to conduct man-in-the-middle attacks without user interaction, compromising the confidentiality of communications. No patch is currently available for this high-severity flaw.

Apple Authentication Bypass macOS iOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28881 MEDIUM PATCH This Month

A privacy vulnerability in macOS Tahoe allows applications to access sensitive user data that should have been protected through proper data isolation. The vulnerability affects macOS versions prior to 26.4, where sensitive data was not adequately segregated from application access. An attacker or malicious application could exploit this flaw to read protected user information without proper authorization, representing a direct information disclosure risk.

Apple Information Disclosure Authentication Bypass macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-28839 MEDIUM PATCH This Month

This vulnerability allows unauthorized applications to access sensitive user data on affected macOS systems through improved security checks that were insufficient in earlier versions. The issue affects macOS Sequoia (versions prior to 15.7.5), macOS Sonoma (versions prior to 14.8.5), and macOS Tahoe (versions prior to 26.4). An attacker with the ability to execute a malicious application on a vulnerable system could potentially read or exfiltrate sensitive user information that should be protected by macOS security controls. There is no evidence of active exploitation in the wild or public proof-of-concept availability, and the limited disclosure details suggest Apple addressed this proactively before widespread abuse.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28878 MEDIUM PATCH This Month

A privacy vulnerability in Apple's operating systems allows third-party applications to enumerate a user's installed applications, resulting in unauthorized information disclosure about device software inventory. The vulnerability affects iOS and iPadOS versions prior to 18.7.7 and 26.4, macOS Sonoma prior to 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4 across all affected product lines. An attacker can exploit this vulnerability by crafting a malicious application that leverages the enumeration capability to profile a user's installed software, potentially enabling further targeted attacks or privacy inference attacks based on application usage patterns.

Apple Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28842 HIGH PATCH This Week

A buffer overflow vulnerability in Apple macOS Tahoe prior to version 26.4 enables remote attackers to trigger a denial-of-service condition through memory corruption and application crashes without requiring user interaction or authentication. The flaw stems from insufficient bounds checking and currently lacks a security patch. This vulnerability affects all macOS users running vulnerable versions.

Apple Buffer Overflow macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28862 MEDIUM PATCH This Month

This vulnerability is a privacy issue in Apple macOS where improved private data redaction for log entries was not properly implemented, allowing applications to potentially access user-sensitive data that should have been redacted. The vulnerability affects macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4, with no public indicators of active exploitation or proof-of-concept code. While CVSS and EPSS scores are unavailable, the nature of the issue suggests moderate real-world risk due to its reliance on application-level exploitation requiring user interaction or system access.

Apple Information Disclosure Authentication Bypass macOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-20697 MEDIUM PATCH This Month

A permissions enforcement vulnerability in macOS allows applications to bypass sandbox restrictions and access sensitive user data without proper authorization. The issue affects macOS Sequoia (versions before 15.7.5), macOS Sonoma (versions before 14.8.5), and macOS Tahoe (versions before 26.4). Apple has patched this vulnerability through enhanced permission restrictions, but no public exploit code or active in-the-wild exploitation has been confirmed at this time.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28835 MEDIUM PATCH This Month

macOS systems running Sequoia 15.7.4 or earlier, Sonoma 14.8.4 or earlier, and Tahoe 26.3 or earlier contain a use-after-free vulnerability in SMB share handling that could allow an attacker to crash the operating system by mounting a specially crafted network share. The vulnerability requires user interaction to mount the malicious share and results in denial of service rather than code execution or data compromise. No patch is currently available for this vulnerability.

Apple Use After Free Memory Corruption Information Disclosure macOS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28823 MEDIUM PATCH This Month

Root-privileged applications on Apple macOS can bypass path validation to delete protected system files due to insufficient input sanitization. This affects macOS Tahoe 26.4 and requires the attacker to already have root-level access, limiting the attack surface to local privilege escalation scenarios. No patch is currently available.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-20639 HIGH PATCH This Week

Integer overflow vulnerability in Apple macOS (Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, Tahoe 26.2 and earlier) allows remote attackers to trigger heap corruption by processing a specially crafted string without requiring user interaction or privileges. The vulnerability results in denial of service and potential memory corruption but currently lacks a public patch. No active exploitation has been reported.

Apple Integer Overflow Buffer Overflow macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28874 HIGH PATCH This Week

Unpatched denial-of-service vulnerability in Apple iOS and iPadOS allows unauthenticated remote attackers to crash applications due to insufficient input validation. The vulnerability requires no user interaction and affects all versions prior to 26.4, with no security patch currently available.

Apple Denial Of Service iOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28858 CRITICAL PATCH Act Now

Insufficient bounds checking in Apple iOS and iPadOS 26.4 allows unauthenticated remote attackers to trigger buffer overflow conditions that corrupt kernel memory or cause system crashes without user interaction. This critical vulnerability affects all devices running the affected OS versions and has no available patch. An attacker can exploit this flaw over the network to achieve denial of service or potentially escalate privileges through kernel memory corruption.

Apple Buffer Overflow iOS
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-28818 MEDIUM PATCH This Month

A logging issue in Apple macOS allows applications to access sensitive user data that should have been redacted from logs. The vulnerability affects macOS Sequoia (versions before 15.7.5), macOS Sonoma (versions before 14.8.5), and macOS Tahoe (versions before 26.4). An attacker controlling a malicious app could exploit improper data redaction in system logging to exfiltrate sensitive information that was intended to be masked.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28859 MEDIUM PATCH This Month

A sandbox escape vulnerability in Apple's WebKit browser engine allows malicious websites to process restricted web content outside the security sandbox, potentially enabling unauthorized access to protected system resources. The vulnerability affects Safari and all Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Apple has addressed this issue through improved memory handling in Safari 26.4 and corresponding OS updates across all affected platforms.

Information Disclosure Apple Buffer Overflow Ios And Ipados Tvos +2
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28875 HIGH PATCH This Week

iOS and iPadOS devices are vulnerable to denial-of-service attacks due to insufficient buffer bounds checking that allows remote attackers to crash affected systems without authentication. The vulnerability affects iOS 26.4 and earlier versions, requiring network access but no user interaction. No patch is currently available for this HIGH severity issue.

Apple Buffer Overflow iOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28822 MEDIUM PATCH This Month

Type confusion in Apple's iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows local attackers to trigger unexpected application termination through memory corruption. The vulnerability affects multiple OS versions and currently lacks a publicly available patch. An attacker with local access can exploit this to cause denial of service by crashing targeted applications.

Apple Memory Corruption Information Disclosure macOS iOS
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28834 MEDIUM PATCH This Month

macOS systems running Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, or Tahoe 26.3 and earlier are vulnerable to a race condition in application state handling that allows local attackers to trigger unexpected system termination and cause denial of service. The vulnerability requires specific timing conditions but does not require user interaction or elevated privileges to exploit. Apple has released patches for affected versions, though exploitation likelihood remains low.

Apple Race Condition Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-28863 MEDIUM PATCH This Month

A permissions issue across Apple's ecosystem allows applications to fingerprint users by accessing information that should be restricted. The vulnerability affects iOS and iPadOS versions prior to 26.4, tvOS prior to 26.4, visionOS prior to 26.4, and watchOS prior to 26.4. Attackers can exploit this by deploying a malicious app that leverages inadequate permission restrictions to collect device and user identifiers for tracking and profiling purposes. The issue has been addressed by Apple through additional permission restrictions in the patched versions, indicating this is a known vulnerability with an available fix.

Apple Authentication Bypass
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28855 HIGH PATCH This Week

A permissions enforcement vulnerability in Apple's operating systems allows applications to bypass access controls and read protected user data without proper authorization. The issue affects iOS and iPadOS versions prior to 26.3, and macOS Tahoe prior to 26.3. An attacker with a malicious app could exploit insufficient permission restrictions to access sensitive user information such as contacts, location data, photos, or other protected resources that should require explicit user consent.

Apple Authentication Bypass macOS iOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28879 MEDIUM PATCH This Month

Apple's iOS, iPadOS, macOS, tvOS, visionOS, and watchOS contain a use-after-free vulnerability that could allow remote attackers to crash affected applications by processing maliciously crafted web content. The vulnerability stems from improper memory management and requires user interaction to exploit. No patch is currently available, leaving users vulnerable until official updates are released.

Apple Use After Free Denial Of Service Memory Corruption macOS +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28838 MEDIUM PATCH This Month

A sandbox escape vulnerability in macOS allows malicious applications to break out of their sandbox restrictions through a permissions issue. This affects macOS Sequoia (versions prior to 15.7.5), macOS Sonoma (versions prior to 14.8.5), and macOS Tahoe (versions prior to 26.4). An attacker who distributes a malicious app could potentially gain unauthorized access to system resources and user data that should be protected by the sandbox security boundary.

Apple Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-20622 HIGH PATCH This Week

A privacy vulnerability in macOS allows applications to capture a user's screen through improper handling of temporary files. The issue affects macOS Sequoia versions prior to 15.7.4 and macOS Tahoe versions prior to 26.3, enabling unauthorized screen capture by malicious or compromised applications. This vulnerability represents an information disclosure threat where sensitive user data visible on screen could be exfiltrated without user consent or awareness.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28880 MEDIUM PATCH This Month

A permissions enforcement vulnerability in Apple operating systems allows unauthorized enumeration of installed applications on a user's device. This information disclosure issue affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, macOS Tahoe 26.4 and earlier, and visionOS 26.4 and earlier. An attacker with the ability to execute code as an installed application could enumerate the complete list of user-installed applications without explicit user permission, enabling targeted attacks, privacy violations, and device profiling.

Apple Authentication Bypass macOS iOS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28817 HIGH PATCH This Week

Sandboxed processes on Apple macOS (Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4) can escape sandbox isolation due to a race condition in state handling, allowing local attackers to bypass security restrictions and potentially execute arbitrary operations with elevated privileges. No patch is currently available for affected systems. The vulnerability requires local access and specific timing conditions but carries high impact across confidentiality, integrity, and availability.

Apple Race Condition Information Disclosure macOS
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-28856 MEDIUM PATCH This Month

This vulnerability allows an attacker with physical access to a locked Apple device to view sensitive user information through an authentication bypass. The issue affects iOS and iPadOS versions prior to 26.4, visionOS prior to 26.4, and watchOS prior to 26.4 across all affected device lines. Apple has patched this through improved authentication mechanisms, and while no CVSS score, EPSS data, or known exploits-in-the-wild status are publicly disclosed, the physical access requirement and information disclosure impact characterize this as a moderate-priority security update for users in environments with theft or unauthorized device access risks.

Apple Authentication Bypass iOS
NVD VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-28895 MEDIUM PATCH This Month

A bypass vulnerability exists in iOS and iPadOS Stolen Device Protection that allows an attacker with physical access to an iOS device to circumvent biometric authentication and access protected apps using only the device passcode. This vulnerability affects devices running iOS and iPadOS versions prior to 26.4, where Stolen Device Protection is enabled. An attacker gaining physical possession of a locked device can exploit this flaw to access biometrics-gated Protected Apps, effectively defeating the intended security mechanism that requires biometric verification (Face ID or Touch ID) in addition to the passcode for sensitive app access.

Apple Authentication Bypass iOS
NVD VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-20637 MEDIUM PATCH This Month

Denial of service in Apple iOS, iPadOS, and macOS due to a use-after-free memory corruption vulnerability allows local attackers to trigger unexpected system termination. The flaw affects multiple Apple platforms including iOS 18.x, macOS Sequoia, Sonoma, and Tahoe versions. No patch is currently available.

Apple Use After Free Denial Of Service Memory Corruption macOS +1
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-20699 MEDIUM PATCH This Month

A downgrade vulnerability affecting Intel-based Mac computers allows malicious applications to bypass code-signing restrictions and access user-sensitive data. The vulnerability impacts macOS Sequoia (versions before 15.7.5), macOS Sonoma (versions before 14.8.5), macOS Tahoe (versions before 26.3 and 26.4), and affects all Intel-based Mac systems running vulnerable versions. An attacker can craft an application that exploits insufficient code-signing validation to downgrade security protections and exfiltrate sensitive user information.

Apple Information Disclosure Intel Jwt Attack macOS
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28876 HIGH PATCH This Week

Improper path validation in Apple's operating systems (iOS, iPadOS, macOS, and visionOS) allows applications to bypass directory access restrictions and read sensitive user data without user interaction. An attacker with a malicious app could exploit this parsing weakness to access confidential information across affected Apple devices. No patch is currently available, though Apple has released fixed versions across its product line.

Apple Authentication Bypass macOS iOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28821 HIGH PATCH This Week

A validation flaw in macOS entitlement verification allows applications to bypass privilege checks and gain elevated system privileges. The vulnerability affects macOS Sequoia 15.7.4 and earlier, macOS Sonoma 14.8.4 and earlier, and macOS Tahoe 26.3 and earlier. Apple has addressed this issue through improved validation of process entitlements in patched versions (15.7.5, 14.8.5, and 26.4 respectively), but no CVSS score, EPSS data, or KEV inclusion status is currently available, limiting immediate risk quantification.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-28837 HIGH PATCH This Week

A logic flaw in macOS Tahoe allows applications to bypass security controls and access sensitive user data without proper authorization. The vulnerability affects macOS versions prior to 26.4 and is addressed through improved input validation and access control checks. While CVSS scoring data is unavailable, Apple has released a patch indicating this is a genuine security concern requiring immediate attention.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-20695 MEDIUM PATCH This Month

An information disclosure vulnerability in macOS allows applications to determine kernel memory layout through improper memory management, enabling potential attacks that rely on kernel address space layout randomization (KASLR) bypass. This issue affects macOS Sequoia (before 15.7.5), macOS Sonoma (before 14.8.5), and macOS Tahoe (before 26.4). An unprivileged application can exploit this to leak kernel memory addresses, which is a critical prerequisite for more sophisticated kernel exploitation attacks. No CVSS score, EPSS probability, or evidence of active exploitation in CISA KEV catalog has been published, though the vulnerability was patched by Apple across three major OS versions, suggesting it was discovered through responsible disclosure rather than in-the-wild exploitation.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28861 MEDIUM PATCH This Month

A logic error in Apple's script message handler implementation allows malicious websites to access script message handlers intended for other origins, resulting in unauthorized cross-origin information disclosure. This vulnerability affects Safari 26.4 and earlier, iOS/iPadOS 18.7.7 and earlier, macOS Tahoe 26.4 and earlier, and visionOS 26.4 and earlier. An attacker can craft a malicious website that exploits improper state management in the message handler routing mechanism to intercept sensitive data intended for legitimate web applications, potentially exposing authentication tokens, user data, or other confidential information passed through script messaging interfaces.

Apple XSS Ios And Ipados Visionos
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20694 MEDIUM PATCH This Month

This vulnerability involves improper handling of symbolic links in Apple operating systems that could allow an application to access user-sensitive data without proper authorization. The flaw affects iOS and iPadOS versions prior to 26.3, macOS Sequoia versions prior to 15.7.4, macOS Sonoma versions prior to 14.8.4, and macOS Tahoe versions prior to 26.3 and 26.4. An attacker with the ability to execute code in a sandboxed application context could potentially bypass security restrictions to access protected user information, though no active exploitation in the wild has been confirmed at this time.

Apple Information Disclosure macOS iOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-28820 MEDIUM PATCH This Month

An information disclosure vulnerability in macOS Tahoe allows applications to access sensitive user data through insufficient access controls. The vulnerability affects all versions of macOS prior to version 26.4, where the flaw was remediated through improved permission checking mechanisms. While specific technical details are limited, the vulnerability enables malicious or compromised applications to bypass privacy protections and exfiltrate user information.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28877 MEDIUM PATCH This Month

An authorization bypass vulnerability in Apple's operating systems allows third-party applications to access sensitive user data through improper state management during authorization checks. The vulnerability affects iOS/iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Tahoe 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier across multiple Apple devices and platforms. An attacker can exploit this by crafting a malicious application that circumvents authorization controls to read protected user information without explicit user consent. No CVSS score, EPSS probability, or active exploitation status has been disclosed by Apple, though the vulnerability spans all major Apple operating systems indicating broad platform impact.

Apple Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20657 MEDIUM PATCH This Month

Improper memory handling in Apple iOS, iPadOS, and macOS allows remote denial of service when processing maliciously crafted files, potentially causing unexpected application crashes. An attacker can trigger this vulnerability by delivering a specially crafted file to a victim, resulting in app termination without requiring user privileges or interaction beyond opening the file. No patch is currently available for this medium-severity vulnerability affecting multiple Apple platforms.

Apple Buffer Overflow
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20698 HIGH PATCH This Week

This vulnerability is a memory handling flaw in Apple's operating systems (iOS, iPadOS, macOS, tvOS, visionOS, and watchOS) that allows a malicious application to trigger unexpected system termination or corrupt kernel memory. The vulnerability affects all versions prior to the version 26.4 releases across Apple's entire ecosystem. An attacker can exploit this by crafting a malicious app that triggers improper memory handling, potentially leading to denial of service or privilege escalation through kernel memory corruption.

Apple Memory Corruption Buffer Overflow macOS iOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-28882 MEDIUM PATCH This Month

An information disclosure vulnerability in Apple's operating systems allows applications to enumerate a user's installed apps without proper authorization. This affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS versions prior to 26.4. An attacker can distribute a malicious app that queries the system to discover what applications a user has installed, potentially enabling targeted attacks or privacy violations. No CVSS score, EPSS data, or known public exploits are currently documented, but the vulnerability has been fixed across all Apple platforms, indicating Apple assessed this as requiring immediate remediation.

Apple Information Disclosure
NVD VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-28894 HIGH PATCH This Week

Remote attackers can trigger denial-of-service conditions against multiple Apple operating systems (iOS, iPadOS, macOS variants) through network requests that bypass insufficient input validation. The vulnerability affects iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.4 and earlier, macOS Sonoma 14.8.4 and earlier, and macOS Tahoe 26.3 and earlier. No patch is currently available for this high-severity vulnerability with a 7.5 CVSS score.

Apple Information Disclosure macOS iOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28857 MEDIUM PATCH This Month

This vulnerability affects Apple's Safari browser and related Apple operating systems (iOS, iPadOS, macOS Tahoe, and visionOS) due to improper memory handling when processing maliciously crafted web content. The flaw can lead to unexpected process crashes, resulting in a denial of service condition affecting all users of the impacted Safari versions and OS versions below 26.4. While no CVSS score or EPSS data is currently published, the vulnerability has been patched by Apple, suggesting it was discovered through internal security review or responsible disclosure rather than active exploitation.

Apple Information Disclosure Buffer Overflow Ios And Ipados Visionos
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28841 MEDIUM PATCH This Month

macOS Tahoe versions prior to 26.4 contain a buffer overflow vulnerability that can cause denial of service through unexpected application termination or memory corruption when exploited by local attackers. The vulnerability stems from insufficient size validation in memory operations and requires no user interaction to trigger. No patch is currently available for affected systems.

Apple Buffer Overflow macOS
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28816 MEDIUM PATCH This Month

Unauthorized file deletion in macOS Sequoia, Sonoma, and Tahoe allows unprivileged applications to delete files without proper permissions due to insufficient path validation. An attacker could exploit this vulnerability through a malicious app to remove sensitive files outside the application's intended scope. This medium-severity local vulnerability affects multiple recent macOS versions and currently has no available patch.

Apple Path Traversal macOS
NVD VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-20607 MEDIUM PATCH This Month

A permissions enforcement vulnerability in macOS allows applications to bypass security restrictions and access protected user data due to insufficient authorization checks. This issue affects macOS Sequoia (prior to 15.7.5), macOS Sonoma (prior to 14.8.5), and macOS Tahoe (prior to 26.4). An attacker with the ability to execute an application on the affected system could potentially access sensitive user information without proper user consent or authorization. No CVSS score, EPSS data, or active exploitation in the wild (KEV status) has been disclosed by Apple.

Apple Privilege Escalation macOS
NVD VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-28870 MEDIUM PATCH This Month

An information leakage vulnerability affecting Apple's operating systems across multiple platforms (iOS, iPadOS, macOS, tvOS, visionOS, and watchOS) allows third-party applications to access sensitive user data through insufficient validation mechanisms. The vulnerability impacts all versions prior to the 26.4 release across affected platforms, enabling malicious or compromised applications to bypass access controls and exfiltrate private user information. While no CVSS score, EPSS data, or active exploitation in the wild has been publicly disclosed, the breadth of affected platforms and the fundamental nature of information disclosure vulnerabilities suggest moderate to significant real-world risk.

Apple Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-28827 CRITICAL PATCH Act Now

Improper path validation in macOS (Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4) allows sandboxed applications to escape their sandbox restrictions through directory path traversal. A local attacker with the ability to run malicious apps can exploit this weakness to execute code outside sandbox boundaries with full system privileges. No patch is currently available for this critical vulnerability.

Apple Path Traversal macOS
NVD VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-28831 MEDIUM PATCH This Month

An authorization flaw in macOS allows applications to bypass state management controls and access sensitive user data without proper authorization. The vulnerability affects macOS Sequoia 15.7.4 and earlier, macOS Sonoma 14.8.4 and earlier, and macOS Tahoe 26.3 and earlier. While no CVSS score, EPSS data, or public exploit code is currently available, Apple has silently patched this issue across three major macOS versions, suggesting it posed a meaningful risk to user privacy and data confidentiality.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20693 MEDIUM PATCH This Month

Protected system files on macOS (Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4) can be deleted by attackers with root privileges due to improper state management. This integrity-impacting vulnerability affects administrators and privileged users who could leverage elevated access to remove critical system components. No patch is currently available for this medium-severity issue.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-28866 MEDIUM PATCH This Month

A symlink validation vulnerability in Apple's iOS, iPadOS, and macOS operating systems allows malicious applications to bypass file system protections and access sensitive user data through improper handling of symbolic links. The vulnerability affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, and macOS Tahoe 26.4 and earlier. An attacker with the ability to install or execute an application on the affected system could leverage this weakness to read restricted files and access private user information without proper authorization.

Apple Information Disclosure macOS iOS
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28893 LOW PATCH Monitor

A privacy vulnerability in macOS Tahoe allows documents to be inadvertently written to temporary files during print preview operations, potentially exposing sensitive information to unauthorized access. This affects macOS versions prior to 26.4. An attacker with local file system access could retrieve unencrypted documents from temporary storage, circumventing user expectations of privacy during print operations.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-20631 HIGH PATCH This Week

A logic flaw in macOS Tahoe allows local users to elevate their privileges through improved checks that were insufficient in earlier versions. This vulnerability affects macOS versions prior to 26.4 and enables privilege escalation attacks from standard user accounts to higher privilege levels. Apple has patched this issue in macOS Tahoe 26.4, and no active exploitation or public proof-of-concept code has been reported.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-20670 MEDIUM PATCH This Month

An authorization bypass vulnerability in macOS allows applications to access sensitive user data through improper state management. The vulnerability affects macOS Sonoma 14.8.4 and earlier versions, as well as macOS Tahoe 26.3 and earlier, enabling unprivileged apps to circumvent authorization checks and obtain restricted user information. Apple has addressed this issue through patched releases, and no public exploitation activity or proof-of-concept code has been reported at this time.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20688 CRITICAL PATCH Act Now

Sandbox escape vulnerability in Apple iOS, iPadOS, macOS, and visionOS allows local attackers to break out of application sandboxes through improper path validation, potentially enabling unauthorized access to system resources and data. An attacker with local access could leverage this flaw to execute arbitrary operations outside application boundaries and bypass security restrictions. No patch is currently available for this critical vulnerability affecting multiple Apple platforms.

Apple Path Traversal macOS iOS
NVD VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-28892 MEDIUM PATCH This Month

A permissions enforcement vulnerability in macOS allows applications to bypass file system protections and modify protected system files or directories through inadequate access controls. This affects macOS Sequoia (before 15.7.5), macOS Sonoma (before 14.8.5), and macOS Tahoe (before 26.4). Apple has addressed the issue by removing vulnerable code, and no active exploitation or proof-of-concept has been publicly disclosed at this time.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-28867 MEDIUM PATCH This Month

A kernel state information disclosure vulnerability exists across Apple's entire platform ecosystem that allows a malicious application to leak sensitive kernel memory without requiring elevated privileges. The vulnerability affects iOS and iPadOS versions prior to 18.7.7 and 26.4, macOS Sequoia prior to 15.7.5, macOS Tahoe 26.4, and tvOS, visionOS, and watchOS 26.4. An attacker can craft a specially designed app that exploits improper authentication mechanisms to access protected kernel state, potentially exposing cryptographic keys, memory addresses, or other sensitive operating system internals that could be chained with other vulnerabilities.

Apple Information Disclosure macOS iOS
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28888 MEDIUM PATCH This Month

macOS systems running Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, and Tahoe 26.3 and earlier contain a race condition in state handling that allows local applications to escalate privileges to root. The vulnerability stems from improper synchronization during critical operations, enabling an attacker with local access to exploit the timing window and gain elevated system privileges. Patches have been released for affected macOS versions.

Apple Race Condition Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-20692 MEDIUM PATCH This Month

A privacy vulnerability in Apple's Mail application allows the "Hide IP Address" and "Block All Remote Content" user preferences to fail inconsistently across certain mail content, potentially exposing user IP addresses and loading remote content despite explicit user configuration. This affects iOS, iPadOS, and multiple macOS versions. While no CVSS score or EPSS data is currently available and there is no indication of active exploitation in the wild (KEV status not listed), the vulnerability represents a direct circumvention of privacy controls that users explicitly enable to protect their identity and security posture.

Apple Information Disclosure macOS iOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper validation of malformed SCP requests in Cisco IOS XE Software allows authenticated local attackers to trigger unexpected device reloads and cause service disruption. An attacker with low privileges can exploit this vulnerability by sending a crafted SSH command to the SCP server component. No patch is currently available for this denial of service vulnerability.

Cisco Denial Of Service Apple
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Insufficient privilege validation on the start maintenance command in Cisco IOS XE Software enables authenticated local attackers to trigger a denial of service by placing devices into maintenance mode, which disables network interfaces. Low-privileged users can exploit this via CLI access without administrative credentials. Device recovery requires administrator intervention using the stop maintenance command.

Cisco Denial Of Service Apple
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

This vulnerability in Cisco IOS XE Software bootloader affects Catalyst 9200, ESS9300, IE9310/9320, and IE3500/3505 series switches, allowing authenticated local attackers with level-15 privileges or unauthenticated attackers with physical access to execute arbitrary code at boot time and bypass the chain of trust. An attacker can manipulate loaded binaries to circumvent integrity checks during boot, enabling execution of non-Cisco-signed images. While the CVSS score is 6.1 (Medium), Cisco assigned it a High Security Impact Rating due to the critical nature of breaking the secure boot mechanism, a foundational security control.

Cisco RCE Apple
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Memory exhaustion in Cisco IOS XE and Apple devices via improper TLS resource handling allows adjacent attackers to trigger denial of service by repeatedly initiating failed authentication or manipulating TLS connections. An unauthenticated attacker can exploit this by resetting TLS sessions or abusing EAP authentication mechanisms to deplete device memory without requiring network access from the internet. Successful exploitation renders affected devices unresponsive, with no patch currently available.

Cisco Denial Of Service Apple
NVD VulDB
EPSS 0% CVSS 7.7
HIGH This Week

HTTP Server input validation failures in Cisco IOS and IOS XE Release 3E enable authenticated remote attackers to trigger device reloads via malformed requests, causing denial of service. An attacker with valid credentials can exploit improper input handling to exhaust watchdog timers and force unexpected system restarts. No patch is currently available for this vulnerability affecting Cisco and Apple products.

Denial Of Service Apple Cisco
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

A denial of service vulnerability in the Internet Key Exchange (CVSS 8.6). High severity vulnerability requiring prompt remediation.

Cisco Denial Of Service Microsoft +1
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

This is a denial of service vulnerability in Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family caused by improper handling of malformed CAPWAP (Control and Provisioning of Wireless Access Points) packets. The vulnerability affects multiple versions of Cisco IOS XE Software in the 17.14.x through 17.18.x release trains. An unauthenticated remote attacker can exploit this to cause the wireless controller to reload unexpectedly, resulting in complete network disruption with a high severity CVSS score of 8.6.

Cisco Denial Of Service Apple
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Improper BOOTP packet handling in Cisco IOS XE Software on Catalyst 9000 Series Switches allows unauthenticated remote attackers to trigger VLAN leakage and cause device unavailability through resource exhaustion. An attacker can send crafted BOOTP requests to forward packets across VLANs, leading to high CPU utilization that renders the switch unreachable and unable to process traffic. No patch is currently available for this denial-of-service vulnerability.

Cisco Denial Of Service Apple
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Apple Silicon SMC hwmon driver (macsmc-hwmon) in the Linux kernel contains critical memory safety bugs in sensor population and float conversion logic. Specifically, voltage sensors are incorrectly registered to the temperature sensor array, and float-to-32-bit conversion has flawed exponent handling, potentially leading to out-of-bounds memory access, data corruption, or incorrect fan control on affected Apple Silicon systems. The vulnerability affects Linux kernel versions with the macsmc-hwmon driver and has been patched; no active exploitation or POC is currently known, but the nature of the bugs suggests high real-world risk for systems relying on thermal management.

Linux Memory Corruption Apple +2
NVD VulDB
EPSS 0% CVSS 3.3
LOW PATCH Monitor

A local privilege escalation vulnerability in Apple's Keychain implementation allows an attacker with local access to bypass permissions checking and retrieve sensitive stored credentials and secrets. The vulnerability affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, macOS Tahoe 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. No public exploitation has been confirmed, and patched versions are now available across all affected platforms.

Apple Authentication Bypass macOS +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

An authorization and state management flaw in Apple's WebKit browser engine allows maliciously crafted webpages to fingerprint users by exploiting improper state handling during web interactions. This vulnerability affects Safari 26.4, iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, and watchOS 26.4 across all Apple platforms. An attacker can exploit this by hosting a specially crafted webpage that leverages the state management weakness to extract browser or device identifiers without user knowledge, enabling user tracking and profiling attacks. No CVSS score, EPSS data, or public proof-of-concept details are currently available, though Apple has released fixes across all affected platforms.

Apple Information Disclosure Safari +4
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

A permissions enforcement vulnerability in Apple's operating systems allows third-party applications to enumerate installed applications on a user's device without proper authorization. This information disclosure issue affects iOS, iPadOS, macOS, and visionOS versions prior to 26.4, enabling attackers to gain insight into a user's software ecosystem for profiling or targeting purposes. Apple has addressed this with additional access restrictions in the patched versions, though no CVSS score, EPSS data, or known active exploitation has been publicly disclosed.

Apple Authentication Bypass
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Improper bounds checking in Apple macOS (Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, Tahoe 26.3 and earlier) permits a local attacker to write out-of-bounds memory through a malicious application, potentially allowing modification of protected filesystem areas. The vulnerability requires user interaction to execute the malicious app and affects the file system's integrity rather than confidentiality. No patch is currently available for this out-of-bounds write condition.

Apple Buffer Overflow Memory Corruption
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A logging issue in Apple's operating systems allows improper data redaction in system logs, enabling installed applications to access sensitive user data that should have been masked. This vulnerability affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.3 and earlier, iPadOS 26.3 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, macOS Tahoe 26.3 and earlier, and visionOS 26.3 and earlier. An attacker with the ability to install or control an application on an affected device could exploit inadequate log data filtering to extract confidential user information that should be protected by the operating system's redaction mechanisms.

Apple Information Disclosure macOS +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Apple's iOS, iPadOS, macOS, tvOS, and watchOS contain a use-after-free vulnerability that could allow a local attacker to corrupt kernel memory or cause unexpected system crashes. An installed application can trigger this memory corruption flaw through user interaction, potentially leading to denial of service or unauthorized kernel-level modifications. No patch is currently available for this vulnerability (CVSS 7.1).

Apple Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

An access control vulnerability in macOS allows applications to connect to network shares without explicit user consent, bypassing the sandbox restrictions designed to prevent unauthorized network access. This affects macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4, where a malicious or compromised application could silently establish connections to network resources. Apple has addressed this issue through additional sandbox restrictions in the specified patch versions; no public exploit code or active exploitation via KEV has been reported, but the nature of the vulnerability suggests moderate real-world risk due to the ease with which local applications could abuse this capability.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

A path handling vulnerability in iOS and iPadOS allows users with physical access to an iOS device to bypass Activation Lock through improved validation gaps in path handling logic. This authentication bypass affects iOS versions prior to 18.7.7 and 26.2, as well as corresponding iPadOS releases. While no CVSS score or EPSS data is publicly available, the physical access requirement and authentication bypass nature indicate a meaningful risk to device security and stolen device protection.

Apple Authentication Bypass iOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A logging issue in Apple's operating systems allows improper data redaction, potentially enabling applications to disclose kernel memory contents. This information disclosure vulnerability affects iOS and iPadOS (versions prior to 18.7.7 and 26.4), macOS (Sequoia 15.7.5, Sonoma 14.8.5, Tahoe 26.4), visionOS 26.4, and watchOS 26.4. An untrusted application with standard execution privileges could exploit this to read sensitive kernel memory that should have been redacted from logs, potentially exposing cryptographic material, memory addresses useful for ASLR bypass, or other privileged information. No CVSS score, EPSS data, or public proof-of-concept has been disclosed at this time, and this does not appear on the CISA Known Exploited Vulnerabilities (KEV) catalog.

Apple Information Disclosure macOS +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

This vulnerability involves improper handling of symbolic links (symlinks) in macOS, which could allow an application to access sensitive user data without proper authorization. The issue affects multiple macOS versions including Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4, representing an information disclosure vulnerability with potential impact on user privacy. Apple has released patches to address the symlink handling deficiency, though specific attack complexity and exploitation metrics are not publicly detailed.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A permissions enforcement vulnerability in macOS allows applications to modify protected portions of the file system that should be restricted from unauthorized access. This issue affects macOS Sequoia, Sonoma, and Tahoe across multiple versions prior to their patched releases (15.7.5, 14.8.5, and 26.4 respectively). An attacker controlling or tricking a user into running a malicious application could leverage this permissions bypass to modify system-critical files, potentially enabling privilege escalation, persistence mechanisms, or system compromise.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Memory corruption in Apple Safari, iOS, iPadOS, macOS, and visionOS allows remote attackers to crash affected processes by delivering maliciously crafted web content to users. The vulnerability requires user interaction to view the malicious content and does not enable code execution or information disclosure. A patch is currently unavailable for this issue.

Apple Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Sandbox escape vulnerability in macOS (Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, Tahoe 26.3 and earlier) allows locally-installed applications to break out of their sandbox restrictions through a race condition. An attacker with the ability to run an application on an affected system could exploit this to gain unauthorized access outside the application's intended security boundaries. No patch is currently available for this HIGH severity vulnerability (CVSS 8.1).

Apple Race Condition Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Apple iOS, iPadOS, macOS, tvOS, visionOS, and watchOS are vulnerable to a stack overflow vulnerability that can be triggered by user interaction with a malicious app, potentially causing denial-of-service conditions. The vulnerability stems from insufficient input validation and affects multiple recent OS versions across Apple's product ecosystem. While no patch is currently available, users should exercise caution when installing apps from untrusted sources.

Apple Buffer Overflow macOS +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A file access control vulnerability in macOS Tahoe allows attackers to bypass input validation mechanisms and gain unauthorized access to protected portions of the file system. The vulnerability affects macOS versions prior to Tahoe 26.4, and has been classified as an Information Disclosure issue by Apple. An attacker exploiting this vulnerability can read or access files and directories that should be restricted from their privilege level, potentially exposing sensitive user data, system configuration files, or other protected resources.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An authorization flaw in macOS Tahoe allows applications to bypass access controls and retrieve protected user data due to improper state management during permission checks. Apple has addressed this vulnerability in macOS Tahoe 26.4, and all versions prior to 26.4 remain vulnerable. Affected users should prioritize upgrading to the patched version to prevent unauthorized data access by malicious or compromised applications.

Apple Authentication Bypass macOS
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

This vulnerability allows attackers to bypass Content Security Policy (CSP) enforcement in Apple's WebKit engine through maliciously crafted web content, affecting Safari and all Apple platforms including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability stems from improper state management during web content processing, enabling attackers to circumvent a critical security control that prevents injection attacks and unauthorized script execution. While no CVSS score or EPSS data is currently available, the broad platform impact across Apple's entire ecosystem and the fundamental nature of CSP bypass as an information disclosure vector indicate significant real-world risk.

Apple Information Disclosure Safari +4
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A permissions enforcement vulnerability in macOS allows unauthorized applications to access sensitive user data due to insufficient access controls that have been remediated through code removal. The vulnerability affects macOS Sequoia (versions prior to 15.7.5), macOS Sonoma (versions prior to 14.8.5), and macOS Tahoe (versions prior to 26.4). An unprivileged application could potentially read or access protected user information without proper user consent or authorization, representing a confidentiality breach with moderate real-world impact depending on the specific data accessible.

Apple Authentication Bypass macOS
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Improper path validation in Apple macOS Tahoe allows unauthenticated remote attackers to read sensitive user data through directory path traversal. The vulnerability requires no user interaction and affects systems prior to macOS Tahoe 26.4. No patch is currently available for this medium-severity issue.

Apple Authentication Bypass macOS
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Denial-of-service attacks against multiple Apple platforms (iOS, iPadOS, macOS, tvOS, visionOS, and watchOS) result from improper null pointer handling that allows attackers in privileged network positions to crash affected systems. An attacker exploiting this CWE-476 vulnerability can render devices unavailable without user interaction. No patch is currently available, requiring users to apply mitigations until updates are released.

Apple Null Pointer Dereference Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An input validation flaw in iOS and iPadOS allows malicious applications to bypass security controls and access sensitive user data without proper authorization. The vulnerability affects iOS and iPadOS versions prior to 26.3, where insufficient input validation in an unspecified component permits unauthorized data disclosure. Apple has patched this vulnerability in iOS 26.3 and iPadOS 26.3, and there are no public indicators of active exploitation or proof-of-concept availability.

Apple Information Disclosure iOS
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An authorization bypass vulnerability in macOS allows applications to access sensitive user data through improper state management of access controls. The vulnerability affects macOS Sequoia (before 15.7.5), macOS Sonoma (before 14.8.5), and macOS Tahoe (before 26.4). While no CVSS score, EPSS data, or KEV status is currently published, Apple has released patches addressing this issue, indicating it was discovered through internal review rather than active exploitation.

Apple Authentication Bypass macOS
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

macOS versions prior to Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 contain an out-of-bounds read vulnerability that allows local applications to access and disclose sensitive kernel memory. An attacker with the ability to run code on an affected system can exploit this memory disclosure to obtain privileged information that may aid in further system compromise. No patch is currently available for this HIGH severity vulnerability.

Buffer Overflow Apple Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Maliciously crafted media files containing out-of-bounds memory access in Apple's audio processing can crash affected applications across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. An attacker can trigger a denial of service by triggering the vulnerability through a specially crafted audio stream, though no patch is currently available. This impacts multiple recent OS versions where an out-of-bounds read occurs during media file processing.

Apple Buffer Overflow Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Improper state management in Apple's authentication mechanisms across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows attackers positioned on a network to intercept and potentially manipulate encrypted traffic. An attacker with privileged network access can exploit this vulnerability to conduct man-in-the-middle attacks without user interaction, compromising the confidentiality of communications. No patch is currently available for this high-severity flaw.

Apple Authentication Bypass macOS +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A privacy vulnerability in macOS Tahoe allows applications to access sensitive user data that should have been protected through proper data isolation. The vulnerability affects macOS versions prior to 26.4, where sensitive data was not adequately segregated from application access. An attacker or malicious application could exploit this flaw to read protected user information without proper authorization, representing a direct information disclosure risk.

Apple Information Disclosure Authentication Bypass +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

This vulnerability allows unauthorized applications to access sensitive user data on affected macOS systems through improved security checks that were insufficient in earlier versions. The issue affects macOS Sequoia (versions prior to 15.7.5), macOS Sonoma (versions prior to 14.8.5), and macOS Tahoe (versions prior to 26.4). An attacker with the ability to execute a malicious application on a vulnerable system could potentially read or exfiltrate sensitive user information that should be protected by macOS security controls. There is no evidence of active exploitation in the wild or public proof-of-concept availability, and the limited disclosure details suggest Apple addressed this proactively before widespread abuse.

Apple Authentication Bypass macOS
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A privacy vulnerability in Apple's operating systems allows third-party applications to enumerate a user's installed applications, resulting in unauthorized information disclosure about device software inventory. The vulnerability affects iOS and iPadOS versions prior to 18.7.7 and 26.4, macOS Sonoma prior to 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4 across all affected product lines. An attacker can exploit this vulnerability by crafting a malicious application that leverages the enumeration capability to profile a user's installed software, potentially enabling further targeted attacks or privacy inference attacks based on application usage patterns.

Apple Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A buffer overflow vulnerability in Apple macOS Tahoe prior to version 26.4 enables remote attackers to trigger a denial-of-service condition through memory corruption and application crashes without requiring user interaction or authentication. The flaw stems from insufficient bounds checking and currently lacks a security patch. This vulnerability affects all macOS users running vulnerable versions.

Apple Buffer Overflow macOS
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

This vulnerability is a privacy issue in Apple macOS where improved private data redaction for log entries was not properly implemented, allowing applications to potentially access user-sensitive data that should have been redacted. The vulnerability affects macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4, with no public indicators of active exploitation or proof-of-concept code. While CVSS and EPSS scores are unavailable, the nature of the issue suggests moderate real-world risk due to its reliance on application-level exploitation requiring user interaction or system access.

Apple Information Disclosure Authentication Bypass +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A permissions enforcement vulnerability in macOS allows applications to bypass sandbox restrictions and access sensitive user data without proper authorization. The issue affects macOS Sequoia (versions before 15.7.5), macOS Sonoma (versions before 14.8.5), and macOS Tahoe (versions before 26.4). Apple has patched this vulnerability through enhanced permission restrictions, but no public exploit code or active in-the-wild exploitation has been confirmed at this time.

Apple Authentication Bypass macOS
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

macOS systems running Sequoia 15.7.4 or earlier, Sonoma 14.8.4 or earlier, and Tahoe 26.3 or earlier contain a use-after-free vulnerability in SMB share handling that could allow an attacker to crash the operating system by mounting a specially crafted network share. The vulnerability requires user interaction to mount the malicious share and results in denial of service rather than code execution or data compromise. No patch is currently available for this vulnerability.

Apple Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Root-privileged applications on Apple macOS can bypass path validation to delete protected system files due to insufficient input sanitization. This affects macOS Tahoe 26.4 and requires the attacker to already have root-level access, limiting the attack surface to local privilege escalation scenarios. No patch is currently available.

Apple Authentication Bypass macOS
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Integer overflow vulnerability in Apple macOS (Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, Tahoe 26.2 and earlier) allows remote attackers to trigger heap corruption by processing a specially crafted string without requiring user interaction or privileges. The vulnerability results in denial of service and potential memory corruption but currently lacks a public patch. No active exploitation has been reported.

Apple Integer Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unpatched denial-of-service vulnerability in Apple iOS and iPadOS allows unauthenticated remote attackers to crash applications due to insufficient input validation. The vulnerability requires no user interaction and affects all versions prior to 26.4, with no security patch currently available.

Apple Denial Of Service iOS
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Insufficient bounds checking in Apple iOS and iPadOS 26.4 allows unauthenticated remote attackers to trigger buffer overflow conditions that corrupt kernel memory or cause system crashes without user interaction. This critical vulnerability affects all devices running the affected OS versions and has no available patch. An attacker can exploit this flaw over the network to achieve denial of service or potentially escalate privileges through kernel memory corruption.

Apple Buffer Overflow iOS
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A logging issue in Apple macOS allows applications to access sensitive user data that should have been redacted from logs. The vulnerability affects macOS Sequoia (versions before 15.7.5), macOS Sonoma (versions before 14.8.5), and macOS Tahoe (versions before 26.4). An attacker controlling a malicious app could exploit improper data redaction in system logging to exfiltrate sensitive information that was intended to be masked.

Apple Authentication Bypass macOS
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A sandbox escape vulnerability in Apple's WebKit browser engine allows malicious websites to process restricted web content outside the security sandbox, potentially enabling unauthorized access to protected system resources. The vulnerability affects Safari and all Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Apple has addressed this issue through improved memory handling in Safari 26.4 and corresponding OS updates across all affected platforms.

Information Disclosure Apple Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

iOS and iPadOS devices are vulnerable to denial-of-service attacks due to insufficient buffer bounds checking that allows remote attackers to crash affected systems without authentication. The vulnerability affects iOS 26.4 and earlier versions, requiring network access but no user interaction. No patch is currently available for this HIGH severity issue.

Apple Buffer Overflow iOS
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Type confusion in Apple's iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows local attackers to trigger unexpected application termination through memory corruption. The vulnerability affects multiple OS versions and currently lacks a publicly available patch. An attacker with local access can exploit this to cause denial of service by crashing targeted applications.

Apple Memory Corruption Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

macOS systems running Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, or Tahoe 26.3 and earlier are vulnerable to a race condition in application state handling that allows local attackers to trigger unexpected system termination and cause denial of service. The vulnerability requires specific timing conditions but does not require user interaction or elevated privileges to exploit. Apple has released patches for affected versions, though exploitation likelihood remains low.

Apple Race Condition Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A permissions issue across Apple's ecosystem allows applications to fingerprint users by accessing information that should be restricted. The vulnerability affects iOS and iPadOS versions prior to 26.4, tvOS prior to 26.4, visionOS prior to 26.4, and watchOS prior to 26.4. Attackers can exploit this by deploying a malicious app that leverages inadequate permission restrictions to collect device and user identifiers for tracking and profiling purposes. The issue has been addressed by Apple through additional permission restrictions in the patched versions, indicating this is a known vulnerability with an available fix.

Apple Authentication Bypass
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A permissions enforcement vulnerability in Apple's operating systems allows applications to bypass access controls and read protected user data without proper authorization. The issue affects iOS and iPadOS versions prior to 26.3, and macOS Tahoe prior to 26.3. An attacker with a malicious app could exploit insufficient permission restrictions to access sensitive user information such as contacts, location data, photos, or other protected resources that should require explicit user consent.

Apple Authentication Bypass macOS +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Apple's iOS, iPadOS, macOS, tvOS, visionOS, and watchOS contain a use-after-free vulnerability that could allow remote attackers to crash affected applications by processing maliciously crafted web content. The vulnerability stems from improper memory management and requires user interaction to exploit. No patch is currently available, leaving users vulnerable until official updates are released.

Apple Use After Free Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A sandbox escape vulnerability in macOS allows malicious applications to break out of their sandbox restrictions through a permissions issue. This affects macOS Sequoia (versions prior to 15.7.5), macOS Sonoma (versions prior to 14.8.5), and macOS Tahoe (versions prior to 26.4). An attacker who distributes a malicious app could potentially gain unauthorized access to system resources and user data that should be protected by the sandbox security boundary.

Apple Authentication Bypass
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A privacy vulnerability in macOS allows applications to capture a user's screen through improper handling of temporary files. The issue affects macOS Sequoia versions prior to 15.7.4 and macOS Tahoe versions prior to 26.3, enabling unauthorized screen capture by malicious or compromised applications. This vulnerability represents an information disclosure threat where sensitive user data visible on screen could be exfiltrated without user consent or awareness.

Apple Authentication Bypass macOS
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A permissions enforcement vulnerability in Apple operating systems allows unauthorized enumeration of installed applications on a user's device. This information disclosure issue affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, macOS Tahoe 26.4 and earlier, and visionOS 26.4 and earlier. An attacker with the ability to execute code as an installed application could enumerate the complete list of user-installed applications without explicit user permission, enabling targeted attacks, privacy violations, and device profiling.

Apple Authentication Bypass macOS +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Sandboxed processes on Apple macOS (Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4) can escape sandbox isolation due to a race condition in state handling, allowing local attackers to bypass security restrictions and potentially execute arbitrary operations with elevated privileges. No patch is currently available for affected systems. The vulnerability requires local access and specific timing conditions but carries high impact across confidentiality, integrity, and availability.

Apple Race Condition Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

This vulnerability allows an attacker with physical access to a locked Apple device to view sensitive user information through an authentication bypass. The issue affects iOS and iPadOS versions prior to 26.4, visionOS prior to 26.4, and watchOS prior to 26.4 across all affected device lines. Apple has patched this through improved authentication mechanisms, and while no CVSS score, EPSS data, or known exploits-in-the-wild status are publicly disclosed, the physical access requirement and information disclosure impact characterize this as a moderate-priority security update for users in environments with theft or unauthorized device access risks.

Apple Authentication Bypass iOS
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

A bypass vulnerability exists in iOS and iPadOS Stolen Device Protection that allows an attacker with physical access to an iOS device to circumvent biometric authentication and access protected apps using only the device passcode. This vulnerability affects devices running iOS and iPadOS versions prior to 26.4, where Stolen Device Protection is enabled. An attacker gaining physical possession of a locked device can exploit this flaw to access biometrics-gated Protected Apps, effectively defeating the intended security mechanism that requires biometric verification (Face ID or Touch ID) in addition to the passcode for sensitive app access.

Apple Authentication Bypass iOS
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Denial of service in Apple iOS, iPadOS, and macOS due to a use-after-free memory corruption vulnerability allows local attackers to trigger unexpected system termination. The flaw affects multiple Apple platforms including iOS 18.x, macOS Sequoia, Sonoma, and Tahoe versions. No patch is currently available.

Apple Use After Free Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

A downgrade vulnerability affecting Intel-based Mac computers allows malicious applications to bypass code-signing restrictions and access user-sensitive data. The vulnerability impacts macOS Sequoia (versions before 15.7.5), macOS Sonoma (versions before 14.8.5), macOS Tahoe (versions before 26.3 and 26.4), and affects all Intel-based Mac systems running vulnerable versions. An attacker can craft an application that exploits insufficient code-signing validation to downgrade security protections and exfiltrate sensitive user information.

Apple Information Disclosure Intel +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Improper path validation in Apple's operating systems (iOS, iPadOS, macOS, and visionOS) allows applications to bypass directory access restrictions and read sensitive user data without user interaction. An attacker with a malicious app could exploit this parsing weakness to access confidential information across affected Apple devices. No patch is currently available, though Apple has released fixed versions across its product line.

Apple Authentication Bypass macOS +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

A validation flaw in macOS entitlement verification allows applications to bypass privilege checks and gain elevated system privileges. The vulnerability affects macOS Sequoia 15.7.4 and earlier, macOS Sonoma 14.8.4 and earlier, and macOS Tahoe 26.3 and earlier. Apple has addressed this issue through improved validation of process entitlements in patched versions (15.7.5, 14.8.5, and 26.4 respectively), but no CVSS score, EPSS data, or KEV inclusion status is currently available, limiting immediate risk quantification.

Apple Authentication Bypass macOS
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A logic flaw in macOS Tahoe allows applications to bypass security controls and access sensitive user data without proper authorization. The vulnerability affects macOS versions prior to 26.4 and is addressed through improved input validation and access control checks. While CVSS scoring data is unavailable, Apple has released a patch indicating this is a genuine security concern requiring immediate attention.

Apple Authentication Bypass macOS
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

An information disclosure vulnerability in macOS allows applications to determine kernel memory layout through improper memory management, enabling potential attacks that rely on kernel address space layout randomization (KASLR) bypass. This issue affects macOS Sequoia (before 15.7.5), macOS Sonoma (before 14.8.5), and macOS Tahoe (before 26.4). An unprivileged application can exploit this to leak kernel memory addresses, which is a critical prerequisite for more sophisticated kernel exploitation attacks. No CVSS score, EPSS probability, or evidence of active exploitation in CISA KEV catalog has been published, though the vulnerability was patched by Apple across three major OS versions, suggesting it was discovered through responsible disclosure rather than in-the-wild exploitation.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A logic error in Apple's script message handler implementation allows malicious websites to access script message handlers intended for other origins, resulting in unauthorized cross-origin information disclosure. This vulnerability affects Safari 26.4 and earlier, iOS/iPadOS 18.7.7 and earlier, macOS Tahoe 26.4 and earlier, and visionOS 26.4 and earlier. An attacker can craft a malicious website that exploits improper state management in the message handler routing mechanism to intercept sensitive data intended for legitimate web applications, potentially exposing authentication tokens, user data, or other confidential information passed through script messaging interfaces.

Apple XSS Ios And Ipados +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

This vulnerability involves improper handling of symbolic links in Apple operating systems that could allow an application to access user-sensitive data without proper authorization. The flaw affects iOS and iPadOS versions prior to 26.3, macOS Sequoia versions prior to 15.7.4, macOS Sonoma versions prior to 14.8.4, and macOS Tahoe versions prior to 26.3 and 26.4. An attacker with the ability to execute code in a sandboxed application context could potentially bypass security restrictions to access protected user information, though no active exploitation in the wild has been confirmed at this time.

Apple Information Disclosure macOS +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An information disclosure vulnerability in macOS Tahoe allows applications to access sensitive user data through insufficient access controls. The vulnerability affects all versions of macOS prior to version 26.4, where the flaw was remediated through improved permission checking mechanisms. While specific technical details are limited, the vulnerability enables malicious or compromised applications to bypass privacy protections and exfiltrate user information.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An authorization bypass vulnerability in Apple's operating systems allows third-party applications to access sensitive user data through improper state management during authorization checks. The vulnerability affects iOS/iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Tahoe 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier across multiple Apple devices and platforms. An attacker can exploit this by crafting a malicious application that circumvents authorization controls to read protected user information without explicit user consent. No CVSS score, EPSS probability, or active exploitation status has been disclosed by Apple, though the vulnerability spans all major Apple operating systems indicating broad platform impact.

Apple Information Disclosure
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Improper memory handling in Apple iOS, iPadOS, and macOS allows remote denial of service when processing maliciously crafted files, potentially causing unexpected application crashes. An attacker can trigger this vulnerability by delivering a specially crafted file to a victim, resulting in app termination without requiring user privileges or interaction beyond opening the file. No patch is currently available for this medium-severity vulnerability affecting multiple Apple platforms.

Apple Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

This vulnerability is a memory handling flaw in Apple's operating systems (iOS, iPadOS, macOS, tvOS, visionOS, and watchOS) that allows a malicious application to trigger unexpected system termination or corrupt kernel memory. The vulnerability affects all versions prior to the version 26.4 releases across Apple's entire ecosystem. An attacker can exploit this by crafting a malicious app that triggers improper memory handling, potentially leading to denial of service or privilege escalation through kernel memory corruption.

Apple Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

An information disclosure vulnerability in Apple's operating systems allows applications to enumerate a user's installed apps without proper authorization. This affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS versions prior to 26.4. An attacker can distribute a malicious app that queries the system to discover what applications a user has installed, potentially enabling targeted attacks or privacy violations. No CVSS score, EPSS data, or known public exploits are currently documented, but the vulnerability has been fixed across all Apple platforms, indicating Apple assessed this as requiring immediate remediation.

Apple Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote attackers can trigger denial-of-service conditions against multiple Apple operating systems (iOS, iPadOS, macOS variants) through network requests that bypass insufficient input validation. The vulnerability affects iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.4 and earlier, macOS Sonoma 14.8.4 and earlier, and macOS Tahoe 26.3 and earlier. No patch is currently available for this high-severity vulnerability with a 7.5 CVSS score.

Apple Information Disclosure macOS +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

This vulnerability affects Apple's Safari browser and related Apple operating systems (iOS, iPadOS, macOS Tahoe, and visionOS) due to improper memory handling when processing maliciously crafted web content. The flaw can lead to unexpected process crashes, resulting in a denial of service condition affecting all users of the impacted Safari versions and OS versions below 26.4. While no CVSS score or EPSS data is currently published, the vulnerability has been patched by Apple, suggesting it was discovered through internal security review or responsible disclosure rather than active exploitation.

Apple Information Disclosure Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

macOS Tahoe versions prior to 26.4 contain a buffer overflow vulnerability that can cause denial of service through unexpected application termination or memory corruption when exploited by local attackers. The vulnerability stems from insufficient size validation in memory operations and requires no user interaction to trigger. No patch is currently available for affected systems.

Apple Buffer Overflow macOS
NVD VulDB
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unauthorized file deletion in macOS Sequoia, Sonoma, and Tahoe allows unprivileged applications to delete files without proper permissions due to insufficient path validation. An attacker could exploit this vulnerability through a malicious app to remove sensitive files outside the application's intended scope. This medium-severity local vulnerability affects multiple recent macOS versions and currently has no available patch.

Apple Path Traversal macOS
NVD VulDB
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

A permissions enforcement vulnerability in macOS allows applications to bypass security restrictions and access protected user data due to insufficient authorization checks. This issue affects macOS Sequoia (prior to 15.7.5), macOS Sonoma (prior to 14.8.5), and macOS Tahoe (prior to 26.4). An attacker with the ability to execute an application on the affected system could potentially access sensitive user information without proper user consent or authorization. No CVSS score, EPSS data, or active exploitation in the wild (KEV status) has been disclosed by Apple.

Apple Privilege Escalation macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An information leakage vulnerability affecting Apple's operating systems across multiple platforms (iOS, iPadOS, macOS, tvOS, visionOS, and watchOS) allows third-party applications to access sensitive user data through insufficient validation mechanisms. The vulnerability impacts all versions prior to the 26.4 release across affected platforms, enabling malicious or compromised applications to bypass access controls and exfiltrate private user information. While no CVSS score, EPSS data, or active exploitation in the wild has been publicly disclosed, the breadth of affected platforms and the fundamental nature of information disclosure vulnerabilities suggest moderate to significant real-world risk.

Apple Information Disclosure
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Improper path validation in macOS (Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4) allows sandboxed applications to escape their sandbox restrictions through directory path traversal. A local attacker with the ability to run malicious apps can exploit this weakness to execute code outside sandbox boundaries with full system privileges. No patch is currently available for this critical vulnerability.

Apple Path Traversal macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An authorization flaw in macOS allows applications to bypass state management controls and access sensitive user data without proper authorization. The vulnerability affects macOS Sequoia 15.7.4 and earlier, macOS Sonoma 14.8.4 and earlier, and macOS Tahoe 26.3 and earlier. While no CVSS score, EPSS data, or public exploit code is currently available, Apple has silently patched this issue across three major macOS versions, suggesting it posed a meaningful risk to user privacy and data confidentiality.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Protected system files on macOS (Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4) can be deleted by attackers with root privileges due to improper state management. This integrity-impacting vulnerability affects administrators and privileged users who could leverage elevated access to remove critical system components. No patch is currently available for this medium-severity issue.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

A symlink validation vulnerability in Apple's iOS, iPadOS, and macOS operating systems allows malicious applications to bypass file system protections and access sensitive user data through improper handling of symbolic links. The vulnerability affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, and macOS Tahoe 26.4 and earlier. An attacker with the ability to install or execute an application on the affected system could leverage this weakness to read restricted files and access private user information without proper authorization.

Apple Information Disclosure macOS +1
NVD VulDB
EPSS 0% CVSS 3.3
LOW PATCH Monitor

A privacy vulnerability in macOS Tahoe allows documents to be inadvertently written to temporary files during print preview operations, potentially exposing sensitive information to unauthorized access. This affects macOS versions prior to 26.4. An attacker with local file system access could retrieve unencrypted documents from temporary storage, circumventing user expectations of privacy during print operations.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A logic flaw in macOS Tahoe allows local users to elevate their privileges through improved checks that were insufficient in earlier versions. This vulnerability affects macOS versions prior to 26.4 and enables privilege escalation attacks from standard user accounts to higher privilege levels. Apple has patched this issue in macOS Tahoe 26.4, and no active exploitation or public proof-of-concept code has been reported.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An authorization bypass vulnerability in macOS allows applications to access sensitive user data through improper state management. The vulnerability affects macOS Sonoma 14.8.4 and earlier versions, as well as macOS Tahoe 26.3 and earlier, enabling unprivileged apps to circumvent authorization checks and obtain restricted user information. Apple has addressed this issue through patched releases, and no public exploitation activity or proof-of-concept code has been reported at this time.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Sandbox escape vulnerability in Apple iOS, iPadOS, macOS, and visionOS allows local attackers to break out of application sandboxes through improper path validation, potentially enabling unauthorized access to system resources and data. An attacker with local access could leverage this flaw to execute arbitrary operations outside application boundaries and bypass security restrictions. No patch is currently available for this critical vulnerability affecting multiple Apple platforms.

Apple Path Traversal macOS +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A permissions enforcement vulnerability in macOS allows applications to bypass file system protections and modify protected system files or directories through inadequate access controls. This affects macOS Sequoia (before 15.7.5), macOS Sonoma (before 14.8.5), and macOS Tahoe (before 26.4). Apple has addressed the issue by removing vulnerable code, and no active exploitation or proof-of-concept has been publicly disclosed at this time.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

A kernel state information disclosure vulnerability exists across Apple's entire platform ecosystem that allows a malicious application to leak sensitive kernel memory without requiring elevated privileges. The vulnerability affects iOS and iPadOS versions prior to 18.7.7 and 26.4, macOS Sequoia prior to 15.7.5, macOS Tahoe 26.4, and tvOS, visionOS, and watchOS 26.4. An attacker can craft a specially designed app that exploits improper authentication mechanisms to access protected kernel state, potentially exposing cryptographic keys, memory addresses, or other sensitive operating system internals that could be chained with other vulnerabilities.

Apple Information Disclosure macOS +1
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

macOS systems running Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, and Tahoe 26.3 and earlier contain a race condition in state handling that allows local applications to escalate privileges to root. The vulnerability stems from improper synchronization during critical operations, enabling an attacker with local access to exploit the timing window and gain elevated system privileges. Patches have been released for affected macOS versions.

Apple Race Condition Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A privacy vulnerability in Apple's Mail application allows the "Hide IP Address" and "Block All Remote Content" user preferences to fail inconsistently across certain mail content, potentially exposing user IP addresses and loading remote content despite explicit user configuration. This affects iOS, iPadOS, and multiple macOS versions. While no CVSS score or EPSS data is currently available and there is no indication of active exploitation in the wild (KEV status not listed), the vulnerability represents a direct circumvention of privacy controls that users explicitly enable to protect their identity and security posture.

Apple Information Disclosure macOS +1
NVD VulDB
Prev Page 6 of 90 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy