Apple
Monthly
Insufficient validation of environment variables in Apple's macOS, iOS, iPadOS, and visionOS allows local applications to read sensitive user data without user interaction. An attacker with the ability to run code on the affected device could exploit this to access confidential information through improperly sanitized environment variable handling. A patch is not currently available for this medium-severity vulnerability.
Privilege escalation vulnerability in Apple's macOS, iOS, iPadOS, and visionOS allows a malicious application to obtain root-level access through insufficient authorization checks. Local attackers with the ability to install or execute an app can exploit this to gain complete system control. No patch is currently available for this high-severity vulnerability affecting multiple Apple platforms.
Improper path validation in macOS and visionOS allows local attackers with user interaction to read sensitive user data through directory path manipulation. The vulnerability affects macOS Sequoia 15.7.3 and earlier, macOS Sonoma 14.8.3 and earlier, macOS Tahoe 26.2 and earlier, and visionOS 26.2 and earlier. No patch is currently available.
Improper input validation in macOS Sequoia, Tahoe, and Sonoma allows local applications to access sensitive user data through an injection attack that requires user interaction. An attacker with a malicious app could exploit this vulnerability to read confidential information on affected systems. No patch is currently available for this medium-severity issue.
macOS applications can bypass permission restrictions to access sensitive user data due to a permissions validation flaw affecting macOS versions prior to Tahoe 26.3. An attacker would need local access and user interaction to exploit this vulnerability, resulting in unauthorized disclosure of protected information without affecting system integrity or availability. This issue has been patched in macOS Tahoe 26.3.
Improper memory handling in Apple operating systems (macOS, iOS, iPadOS, visionOS) allows local attackers with user-level privileges to trigger kernel memory corruption or unexpected system crashes without user interaction. The vulnerability affects multiple macOS versions (Tahoe 26.3, Sonoma 14.8.4, Sequoia 15.7.4) and iOS/iPadOS 18.7.5 and later. No patch is currently available for this medium-severity flaw.
Local attackers can exploit an out-of-bounds read vulnerability in macOS and Linux systems to crash the kernel or leak sensitive kernel memory, affecting macOS Sequoia 15.7.3 and earlier, macOS Tahoe 26.2 and earlier, and macOS Sonoma 14.8.3 and earlier. The vulnerability requires local access but no special privileges or user interaction to trigger. No patch is currently available for this HIGH severity issue.
macOS applications can access sensitive user data through insufficient log data redaction in Sequoia 15.7.3 and earlier, and Tahoe 26.2 and earlier. A local attacker with user interaction can exploit this information disclosure vulnerability to read confidential information that should be protected. No patch is currently available for this vulnerability.
macOS Tahoe versions prior to 26.3 contain an improper temporary file handling vulnerability that allows local authenticated applications to read sensitive user data. The vulnerability requires local access and valid user privileges but poses no risk to system integrity or availability. No patch is currently available for affected systems.
Unprivileged local users can exploit a race condition in Apple's operating systems (macOS, iOS, iPadOS, tvOS, and visionOS) to escalate privileges to root through improper state handling during concurrent operations. This vulnerability affects multiple OS versions and requires local access with low privileges to trigger, making it exploitable by malicious applications or local attackers. No patch is currently available for this vulnerability.
Memory corruption in Apple's USD file processing across iPhone OS, iPadOS, and visionOS enables attackers to crash applications through crafted malicious files, with high severity impact on confidentiality, integrity, and availability. The vulnerability requires user interaction to trigger (opening a malicious USD file) but needs no special privileges, affecting a large user base across multiple Apple platforms. No patch is currently available for this out-of-bounds write vulnerability.
Local privilege escalation in Apple macOS, iOS, and iPadOS through improper path validation allows authenticated attackers to gain root privileges on affected devices. The vulnerability requires local access and user interaction is not required, making it exploitable by malicious applications already present on the system. No patch is currently available for this high-severity flaw affecting multiple Apple operating systems.
Improper path validation in macOS (Sequoia 15.7.3 and earlier, Tahoe 26.2 and earlier, Sonoma 14.8.3 and earlier) permits local authenticated users to escalate privileges to root through a malicious application. This path traversal vulnerability (CWE-22) has a CVSS score of 7.8 and currently lacks a publicly available patch.
Unauthorized data access in macOS Sequoia, Tahoe, and Sonoma allows locally-installed applications to read sensitive user information due to insufficient privacy validation checks. An attacker with the ability to install or control an application on an affected system can exploit this to access confidential data without user consent. A patch is currently unavailable for this medium-severity vulnerability.
Memory corruption in Apple's media processing across iOS, macOS, watchOS, tvOS, and visionOS allows local attackers to crash applications or corrupt process memory by supplying specially crafted media files. An attacker with local access and user interaction can trigger out-of-bounds memory access during media file parsing, potentially leading to arbitrary code execution or denial of service. No patch is currently available for this vulnerability.
Improper symlink handling in macOS Tahoe versions prior to 26.3 allows local authenticated users to escalate privileges to root. An attacker with local access can exploit this vulnerability to gain complete system control. No patch is currently available.
Memory handling vulnerabilities across Apple's macOS, iOS, and iPadOS platforms allow local attackers to trigger denial-of-service conditions or leak sensitive memory contents by processing specially crafted files. The vulnerability requires user interaction and local access, affecting multiple OS versions with patches available across the Apple ecosystem. CVSS 4.4 (Medium) severity reflects the limited attack surface and lack of remote exploitability.
Denial of service in Apple macOS, iOS, and iPadOS results from improper state management when processing malicious web content, causing unexpected process crashes. Local attackers with user interaction can trigger this vulnerability to disrupt system availability. No patch is currently available.
Applications on Apple macOS and iOS platforms can circumvent user privacy preferences through a code execution vulnerability affecting multiple OS versions including Tahoe 26.3, Sonoma 14.8.4, Sequoia 15.7.4, and iOS 18.7.5. A local attacker with user interaction can exploit this to access sensitive user data or modify system settings protected by privacy controls. The vulnerability requires patching through official OS updates, as no workaround is currently available.
System process denial of service affecting Apple macOS, iOS, and iPadOS through improper memory handling allows local attackers with physical access to crash critical system processes. The vulnerability impacts multiple recent OS versions including macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and newer releases, with patches available for affected users. This could enable attackers to disrupt system stability and availability on vulnerable Apple devices.
Root-privileged applications on macOS can bypass information redaction mechanisms to access sensitive user data due to inadequate access controls. This affects macOS Tahoe 26.3 and earlier versions, allowing a malicious or compromised privileged app to read private information that should be protected. No patch is currently available for this vulnerability.
macOS cache handling vulnerability CVE-2026-20602 allows local users with standard privileges to trigger a denial-of-service condition on affected systems running macOS Sonoma 14.8.4 and earlier, macOS Sequoia 15.7.4 and earlier, or macOS Tahoe 26.3 and earlier. No patch is currently available for this issue.
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. [CVSS 3.3 LOW]
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. [CVSS 6.0 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. [CVSS 7.5 HIGH]
A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5. [CVSS 5.5 MEDIUM]
A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. [CVSS 5.5 MEDIUM]
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. [CVSS 5.5 MEDIUM]
Arbitrary code execution in OpenTelemetry Go SDK versions 1.20.0 through 1.39.0 on macOS results from insecure PATH resolution when executing the ioreg system command during resource detection. A local attacker with the ability to modify the PATH environment variable can hijack the command search path and execute arbitrary code with the privileges of the affected application. The vulnerability is resolved in version 1.40.0 and later.
Native Access on macOS allows local authenticated attackers to inject malicious libraries into the privileged XPC helper process due to overly permissive code signing entitlements, enabling arbitrary code execution with system-level privileges. The vulnerability stems from the application being signed with dyld environment variable and library validation bypass entitlements while communicating with a trusted helper that validates only the signing certificate. Public exploit code exists, and no patch is currently available.
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls. [CVSS 7.8 HIGH]
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 26.1 and iPadOS 26.1, Pages 15.1, macOS Tahoe 26.1. [CVSS 4.3 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. [CVSS 5.5 MEDIUM]
Symlink poisoning via race condition in node-tar up to version 7.5.3 allows attackers to exploit Unicode normalization on case-insensitive filesystems like macOS APFS, where the path reservation system fails to serialize operations on colliding paths. Public exploit code exists for this vulnerability, enabling concurrent processing that bypasses internal safeguards. Node.js users and applications depending on vulnerable tar versions should update immediately, as attackers can leverage this to manipulate file operations during archive extraction.
Macos versions up to 26.0 is affected by insertion of sensitive information into log file (CVSS 5.5).
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. [CVSS 3.3 LOW]
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. [CVSS 3.3 LOW]
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. [CVSS 5.3 MEDIUM]
This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. [CVSS 2.4 LOW]
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. [CVSS 7.8 HIGH]
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. [CVSS 3.3 LOW]
A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. [CVSS 4.3 MEDIUM]
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. [CVSS 6.5 MEDIUM]
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. [CVSS 5.5 MEDIUM]
A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. [CVSS 4.3 MEDIUM]
AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects Eddie: 2.24.6.
A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Unicode right-to-left override (RTLO) characters in malicious websites can spoof filenames displayed in Firefox for iOS downloads UI, potentially tricking users into saving files with misleading extensions and types. Affects Firefox for iOS versions prior to 144.0; requires user interaction to download a file. The vulnerability has low real-world exploitation probability (EPSS 0.04%) despite the moderate CVSS score, as it relies on social engineering and user inattention rather than automatic code execution.
Local authenticated applications on iOS and iPadOS can access user-sensitive data due to insufficient entitlement checks, affecting iOS 18.7.2 and earlier and iPadOS 18.7.2 and earlier (as well as iOS 26.1 and iPadOS 26.1 and earlier). An attacker with app installation capability can exploit this vulnerability to bypass privacy controls and exfiltrate protected user information. No public exploit identified at time of analysis, though the 5.5 CVSS score and information disclosure classification indicate moderate real-world risk in targeted attack scenarios.
Local privilege escalation in Apple operating systems (iOS, iPadOS, macOS Tahoe, visionOS, watchOS) allows authenticated applications to bypass payment token access restrictions and obtain sensitive payment credentials. The vulnerability affects all versions prior to the 26.2 release across affected platforms. CVSS 5.5 with low real-world exploitation risk (EPSS 0.01%), no public exploit identified, not listed in CISA KEV.
A logic validation flaw in macOS Sonoma and Tahoe allows local authenticated apps to access sensitive user data through improved validation mechanisms that were previously insufficient. The vulnerability affects macOS Sonoma versions prior to 14.8.4 and macOS Tahoe prior to 26.2, requiring local access and valid user privileges (PR:L) to exploit. With an EPSS score of 0.02% and no public exploit code identified, the real-world exploitation probability remains minimal despite the CVSS 5.5 rating, though the high confidentiality impact (C:H) warrants timely patching for systems handling sensitive information.
Safari and macOS allow local authenticated applications to access sensitive user data through improper permission enforcement. The vulnerability affects Safari versions prior to 26.2 and macOS versions prior to Tahoe 26.2, exploitable by apps running with user-level privileges that can bypass authorization checks to read protected user information. Apple has released patched versions with additional permission validation; EPSS data indicates minimal real-world exploitation likelihood despite the authenticated local attack vector.
Installed app enumeration via permissions bypass in Apple operating systems allows a locally authenticated app to discover what other applications a user has installed through insufficient access controls. Affects iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, macOS Tahoe 26.1 and earlier, tvOS 26.1 and earlier, visionOS 26.1 and earlier, and watchOS 26.1 and earlier. The vulnerability has a low CVSS score (3.3) with extremely low exploitation probability (EPSS 0.02%) and no public exploit identified at time of analysis.
Local apps on Apple devices can access a user's Safari browsing history due to insufficient data redaction in system logging, affecting iOS, iPadOS, macOS Tahoe, and watchOS prior to version 26.2. An attacker with local app execution privileges can extract sensitive Safari history from system logs without user interaction. This vulnerability carries a 3.3 CVSS score with minimal real-world exploitation probability (EPSS 0.01%) and no known public exploits.
Use-after-free memory corruption in Apple's WebKit rendering engine allows remote attackers to crash Safari and iOS/iPadOS applications by processing maliciously crafted web content, requiring only user interaction (page visit) and no authentication. The vulnerability affects Safari 26.2, iOS 18.7.3 and iOS 26.2, iPadOS 18.7.3 and iPadOS 26.2, and macOS Tahoe 26.2 and earlier versions. With an EPSS score of 0.06% and no public exploit confirmed, this represents a low real-world exploitation priority despite the moderate CVSS 4.3 severity rating, with impact limited to denial of service through process termination.
Memory corruption vulnerability in Apple's HID (Human Interface Device) input handling subsystem affecting iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. A malicious HID device can trigger unexpected process crashes through improved input validation failures, resulting in denial of service. The vulnerability has a CVSS score of 5.7 (medium severity) with adjacent network attack vector and requires user interaction; no evidence of active exploitation or public POC is indicated in available intelligence.
Safari and Apple operating systems contain a race condition that crashes the rendering process when processing maliciously crafted web content, affecting Safari 26.2 and earlier, iOS 18.7.3 and earlier, iPadOS 18.7.3 and earlier, macOS Tahoe 26.2 and earlier, tvOS 26.2 and earlier, visionOS 26.2 and earlier, and watchOS 26.2 and earlier. The vulnerability requires user interaction (clicking a malicious link or visiting a hostile website) and has high attack complexity, resulting in denial of service through process crash rather than data compromise. No public exploit code has been identified, EPSS exploitation probability is very low at 0.12%, and Apple has released patched versions across all affected platforms.
WebKit arbitrary code execution via use-after-free memory corruption affects Safari 26.2, iOS/iPadOS 18.7.3 through 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2, allowing remote attackers to execute arbitrary code by convincing users to visit malicious websites. This vulnerability is confirmed actively exploited (CISA KEV) in extremely sophisticated targeted attacks against specific individuals on iOS versions prior to iOS 26, per Apple's security bulletin. EPSS score of 0.12% (32nd percentile) significantly understates real-world risk given confirmed exploitation. Related vulnerability CVE-2025-14174 was issued for the same exploitation campaign, suggesting a complex attack chain targeting Apple ecosystem users.
Apple Safari and macOS Lockdown Mode can be bypassed to access restricted Web APIs through maliciously crafted file URLs due to insufficient URL validation. Affects Safari 26.2 and macOS Tahoe 26.2 on systems with Lockdown Mode enabled. Remote attackers can potentially execute high-impact attacks leveraging APIs meant to be restricted in high-security configurations. EPSS score of 0.06% (18th percentile) indicates low observed exploitation probability. No public exploit identified at time of analysis. This represents a serious compromise of Apple's enhanced security feature designed to protect high-risk users from targeted attacks.
Unauthenticated access to Hidden Photos Album in Apple iOS, iPadOS, macOS, and visionOS allows remote attackers to view protected photos without authentication due to a configuration flaw. Fixed in iOS/iPadOS 26.2, macOS Tahoe 26.2, and visionOS 26.2. CVSS 9.8 (Critical) reflects network-based unauthenticated access, though EPSS of 0.13% (32nd percentile) suggests low observed exploitation probability. No public exploit identified at time of analysis, and not listed in CISA KEV. This represents a privacy-critical authentication bypass affecting Apple's Photos app across all major platforms.
Improper file handling in macOS allows local applications to access protected user data through a logic flaw in the operating system's file access controls. The vulnerability affects macOS Sequoia, Sonoma, and Tahoe, requiring user interaction to trigger exploitation and resulting in unauthorized disclosure of sensitive information without the ability to modify or disable system access. Apple has released patched versions (macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2), with no public exploit code identified at time of analysis.
FaceTime caller ID spoofing vulnerability in Apple operating systems allows remote attackers to spoof their caller identity due to inconsistent user interface state management. Affected versions include iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, macOS Sequoia 15.7.2 and earlier, macOS Sonoma 14.8.2 and earlier, macOS Tahoe 26.1 and earlier, visionOS 26.1 and earlier, and watchOS 26.1 and earlier. The vulnerability requires no user interaction or authentication and carries low real-world exploitation risk (EPSS 0.07%, percentile 21%), with no public exploit code or active exploitation confirmed.
Local privilege escalation to root on Apple platforms via integer overflow in timestamp handling allows authenticated users with low-level access to fully compromise system integrity and confidentiality. Affects iOS, iPadOS, macOS (Sequoia, Sonoma, Tahoe), tvOS, visionOS, and watchOS prior to February 2025 security updates. Vendor-released patches available across all platforms. EPSS probability is minimal (0.02%, 4th percentile), and no public exploit identified at time of analysis, though the local attack vector with low complexity and authenticated requirement reduces remote exploitation risk but creates insider threat exposure.
Local apps can access sensitive user data through improved privacy controls in Apple operating systems across iOS, iPadOS, macOS, visionOS, and watchOS. The vulnerability requires local network access and an authenticated user session (PR:L), limiting exposure to installed applications with explicit permissions. Confirmed patches are available across all affected platforms, and exploitation probability is very low (EPSS 0.02%), indicating this is a privacy-boundary issue rather than a critical security flaw.
Password field disclosure in Apple operating systems allows remote observation of credentials during FaceTime screen sharing sessions. Affects iOS/iPadOS 18.x through 18.7.2, iOS/iPadOS 26.0-26.1, macOS Sequoia through 15.7.2, macOS Tahoe through 26.1, and visionOS through 26.1. Attackers with network access to FaceTime sessions can view password fields that should be masked, creating credential exposure risk during remote support or collaboration scenarios. EPSS score of 0.03% (10th percentile) indicates low automated exploitation probability, and no public exploit identified at time of analysis.
Memory corruption via out-of-bounds write in Apple operating systems allows remote attackers to execute arbitrary code when victims process a malicious file. The vulnerability affects macOS (Sonoma 14.x, Sequoia 15.x, Tahoe 26.x), iOS/iPadOS (18.x, 26.x), tvOS, visionOS, and watchOS 26.x. Despite a high CVSS score of 8.8, EPSS data indicates only 0.05% exploitation probability (15th percentile), and no public exploit code or active exploitation is confirmed. The flaw stems from inadequate bounds checking (CWE-787) in file processing routines, requiring user interaction but no authentication, making it a realistic phishing or malicious download target.
Local apps can access sensitive user data through inadequate log redaction in Apple's operating systems, affecting iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, iOS 26.1 and earlier, iPadOS 26.1 and earlier, macOS Sonoma 14.8.2 and earlier, macOS Tahoe 26.1 and earlier, visionOS 26.1 and earlier, and watchOS 26.1 and earlier. The vulnerability requires local app execution with limited user privileges but no interaction, resulting in unauthorized read access to sensitive data stored in application logs. While EPSS probability is minimal (0.01%), the local attack vector and high confidentiality impact warrant patching in environments where untrusted apps may be installed.
Memory corruption in Apple operating systems due to insufficient bounds checking allows local authenticated users to cause denial of service through malicious data processing, affecting iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability requires local access and user interaction, with no public exploit identified; EPSS score of 0.02% indicates minimal real-world exploitation probability despite the assigned CVSS score of 2.8.
Local apps on Apple macOS and iPadOS can access sensitive user data through inadequate information disclosure controls, requiring local execution and low-level user privileges. Affected versions include iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, macOS Sequoia 15.7.2 and earlier, macOS Sonoma 14.8.2 and earlier, and macOS Tahoe 26.1 and earlier. Apple has released patched versions (iOS 18.7.3, iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2) with improved access controls to restrict unauthorized data exposure. With an EPSS score of 0.02% (4th percentile) and no public exploit code identified at time of analysis, this represents a low real-world exploitation probability despite the moderate CVSS score.
Local privilege escalation in macOS Sequoia (pre-15.7.3) and macOS Tahoe (pre-26.2) allows authenticated users with low-level privileges to gain root access via a permissions flaw. Apple addressed the issue with additional restrictions in the latest updates. EPSS score of 0.01% indicates minimal observed exploitation activity, and no public exploit identified at time of analysis.
Local privilege escalation in macOS allows unprivileged applications to access sensitive user data through a permissions bypass. Affects macOS Sequoia versions prior to 15.7.3 and macOS Tahoe prior to 26.2. Attack requires local system access and user interaction (UI:R). EPSS exploitation probability is very low at 0.02%, and no public exploit code or active exploitation has been reported.
Intel-based Mac computers running macOS Sequoia prior to 15.7.3 or macOS Tahoe prior to 26.2 are vulnerable to a cryptographic downgrade attack that allows unprivileged local applications to bypass code-signing restrictions and access sensitive user data. The vulnerability exploits inadequate validation of signed components, enabling information disclosure through JWT or similar signed-data attacks. Active exploitation has not been confirmed, and the extremely low EPSS score (0.01%) indicates minimal real-world exploitation risk despite the local attack vector.
Local privilege escalation on Intel-based macOS systems allows unsigned or weakly-signed applications to access sensitive user data by downgrading code-signing protections through cryptographic validation bypass. The vulnerability affects macOS Sequoia prior to 15.7.3 and macOS Tahoe prior to 26.2, requires user interaction to execute a malicious app, and has an extremely low exploitation probability (EPSS 0.01%) despite moderate CVSS severity. No active exploitation or public exploit code has been identified.
Apple kernel memory corruption in multiple operating systems allows a malicious application to cause unexpected system termination or write kernel memory via an out-of-bounds write flaw addressed in watchOS 26.1, iOS 18.7.2, and macOS Tahoe 26.1.
Local privilege escalation in macOS allows authenticated applications to access sensitive user data through insufficient permission restrictions on Sequoia, Sonoma, and Tahoe versions. The vulnerability requires local access and low-privilege user context but enables high-impact confidentiality compromise without requiring user interaction or elevated privileges to trigger. A vendor-released patch is available across all affected macOS versions.
Local privilege escalation in Apple's spellcheck API allows authenticated users to inappropriately access files on macOS, iOS, and related platforms through a logic flaw in access controls. Affected versions include macOS Sonoma 14.x and earlier, macOS Sequoia 15.7.2 and earlier, iOS 18.x and earlier, iPadOS 18.x and earlier, and watchOS 11.x and earlier. This vulnerability requires local access and user-level privileges but carries a low EPSS score (0.01%, percentile 3%) indicating minimal real-world exploitation likelihood at present. No public exploit code or active exploitation has been identified.
macOS logging system fails to redact protected user data from log entries, allowing local authenticated applications to access sensitive information through log files across Sequoia, Sonoma, and Tahoe versions. Apple addressed this privacy issue by improving data redaction mechanisms in patched versions (macOS Sequoia 15.7.3, Sonoma 14.8.3, Tahoe 26.2). No public exploit identified at time of analysis, with EPSS exploitation probability at 0.01% (3rd percentile), indicating minimal real-world risk despite local attack vector.
Session fixation in macOS Voice Control allows authenticated local users to transcribe another user's activity on the same system, disclosing sensitive information without user interaction. The vulnerability affects macOS Sequoia, Sonoma, and Tahoe and is fixed in versions 15.7.3, 14.8.3, and 26.2 respectively. Real-world risk is minimal due to low EPSS (0.01%), requirement for local access and prior authentication, and the need for Voice Control to be explicitly enabled.
Local arbitrary applications on macOS can read sensitive location information due to a permissions validation flaw (CWE-284), affecting macOS Sequoia, Sonoma, and Tahoe. The vulnerability requires user interaction to trigger but grants unauthorized access to location data without proper authorization checks. Apple has released patches in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, and macOS Tahoe 26.2 to remediate the issue by removing the vulnerable code. No public exploit or active exploitation has been confirmed.
Local privilege escalation in Apple macOS (Sonoma 14.x, Sequoia 15.x, Tahoe 26.x) and iOS/iPadOS 18.x allows authenticated users to gain elevated system privileges through malicious applications exploiting a logic flaw in privilege checking mechanisms. Apple has released patches across all affected platforms (iOS 18.7.3, iPadOS 18.7.3, macOS Sequoia 15.7.3, Sonoma 14.8.3, Tahoe 26.2). No public exploit identified at time of analysis, with EPSS score of 0.01% (3rd percentile) indicating minimal observed exploitation activity.
Use-after-free memory corruption in Apple WebKit allows remote attackers to crash Safari and iOS/iPadOS applications via maliciously crafted web content, resulting in denial of service. The vulnerability affects Safari 26.2, iOS 18.7.2 and 26.2, iPadOS 18.7.2 and 26.2, macOS Tahoe 26.2, visionOS 26.2, and watchOS 26.2. No public exploit code has been identified, and the vulnerability is not confirmed as actively exploited; however, the network-accessible attack vector and low complexity make it a moderate priority despite the low EPSS score.
Apple kernel lock state checking flaw allows a malicious application to cause unexpected changes in memory shared between processes, potentially enabling cross-process data manipulation on iOS, macOS, and other Apple platforms.
Improper data access control in macOS allows local applications to read sensitive user data without explicit user consent, exploitable through user interaction. The vulnerability affects macOS Sequoia (before 15.7.3), macOS Sonoma (before 14.8.3), and macOS Tahoe (before 26.2). No public exploit code or active exploitation has been identified; EPSS probability is extremely low at 0.01%, indicating minimal real-world attack likelihood despite the moderate CVSS score.
Mail header parsing flaw in Apple operating systems allows unauthenticated remote attackers to trigger persistent denial-of-service conditions across iOS, iPadOS, macOS, visionOS, and watchOS platforms. The vulnerability affects all major Apple OS releases prior to January 2025 patches (iOS/iPadOS 18.7.2/26.1, macOS Sequoia 15.7.2/Sonoma 14.8.2/Tahoe 26.1, visionOS 26.1, watchOS 26.1). With EPSS exploitation probability at 0.19% (41st percentile) and no public exploit identified at time of analysis, real-world risk appears moderate despite the 7.5 CVSS score.
Insufficient validation of environment variables in Apple's macOS, iOS, iPadOS, and visionOS allows local applications to read sensitive user data without user interaction. An attacker with the ability to run code on the affected device could exploit this to access confidential information through improperly sanitized environment variable handling. A patch is not currently available for this medium-severity vulnerability.
Privilege escalation vulnerability in Apple's macOS, iOS, iPadOS, and visionOS allows a malicious application to obtain root-level access through insufficient authorization checks. Local attackers with the ability to install or execute an app can exploit this to gain complete system control. No patch is currently available for this high-severity vulnerability affecting multiple Apple platforms.
Improper path validation in macOS and visionOS allows local attackers with user interaction to read sensitive user data through directory path manipulation. The vulnerability affects macOS Sequoia 15.7.3 and earlier, macOS Sonoma 14.8.3 and earlier, macOS Tahoe 26.2 and earlier, and visionOS 26.2 and earlier. No patch is currently available.
Improper input validation in macOS Sequoia, Tahoe, and Sonoma allows local applications to access sensitive user data through an injection attack that requires user interaction. An attacker with a malicious app could exploit this vulnerability to read confidential information on affected systems. No patch is currently available for this medium-severity issue.
macOS applications can bypass permission restrictions to access sensitive user data due to a permissions validation flaw affecting macOS versions prior to Tahoe 26.3. An attacker would need local access and user interaction to exploit this vulnerability, resulting in unauthorized disclosure of protected information without affecting system integrity or availability. This issue has been patched in macOS Tahoe 26.3.
Improper memory handling in Apple operating systems (macOS, iOS, iPadOS, visionOS) allows local attackers with user-level privileges to trigger kernel memory corruption or unexpected system crashes without user interaction. The vulnerability affects multiple macOS versions (Tahoe 26.3, Sonoma 14.8.4, Sequoia 15.7.4) and iOS/iPadOS 18.7.5 and later. No patch is currently available for this medium-severity flaw.
Local attackers can exploit an out-of-bounds read vulnerability in macOS and Linux systems to crash the kernel or leak sensitive kernel memory, affecting macOS Sequoia 15.7.3 and earlier, macOS Tahoe 26.2 and earlier, and macOS Sonoma 14.8.3 and earlier. The vulnerability requires local access but no special privileges or user interaction to trigger. No patch is currently available for this HIGH severity issue.
macOS applications can access sensitive user data through insufficient log data redaction in Sequoia 15.7.3 and earlier, and Tahoe 26.2 and earlier. A local attacker with user interaction can exploit this information disclosure vulnerability to read confidential information that should be protected. No patch is currently available for this vulnerability.
macOS Tahoe versions prior to 26.3 contain an improper temporary file handling vulnerability that allows local authenticated applications to read sensitive user data. The vulnerability requires local access and valid user privileges but poses no risk to system integrity or availability. No patch is currently available for affected systems.
Unprivileged local users can exploit a race condition in Apple's operating systems (macOS, iOS, iPadOS, tvOS, and visionOS) to escalate privileges to root through improper state handling during concurrent operations. This vulnerability affects multiple OS versions and requires local access with low privileges to trigger, making it exploitable by malicious applications or local attackers. No patch is currently available for this vulnerability.
Memory corruption in Apple's USD file processing across iPhone OS, iPadOS, and visionOS enables attackers to crash applications through crafted malicious files, with high severity impact on confidentiality, integrity, and availability. The vulnerability requires user interaction to trigger (opening a malicious USD file) but needs no special privileges, affecting a large user base across multiple Apple platforms. No patch is currently available for this out-of-bounds write vulnerability.
Local privilege escalation in Apple macOS, iOS, and iPadOS through improper path validation allows authenticated attackers to gain root privileges on affected devices. The vulnerability requires local access and user interaction is not required, making it exploitable by malicious applications already present on the system. No patch is currently available for this high-severity flaw affecting multiple Apple operating systems.
Improper path validation in macOS (Sequoia 15.7.3 and earlier, Tahoe 26.2 and earlier, Sonoma 14.8.3 and earlier) permits local authenticated users to escalate privileges to root through a malicious application. This path traversal vulnerability (CWE-22) has a CVSS score of 7.8 and currently lacks a publicly available patch.
Unauthorized data access in macOS Sequoia, Tahoe, and Sonoma allows locally-installed applications to read sensitive user information due to insufficient privacy validation checks. An attacker with the ability to install or control an application on an affected system can exploit this to access confidential data without user consent. A patch is currently unavailable for this medium-severity vulnerability.
Memory corruption in Apple's media processing across iOS, macOS, watchOS, tvOS, and visionOS allows local attackers to crash applications or corrupt process memory by supplying specially crafted media files. An attacker with local access and user interaction can trigger out-of-bounds memory access during media file parsing, potentially leading to arbitrary code execution or denial of service. No patch is currently available for this vulnerability.
Improper symlink handling in macOS Tahoe versions prior to 26.3 allows local authenticated users to escalate privileges to root. An attacker with local access can exploit this vulnerability to gain complete system control. No patch is currently available.
Memory handling vulnerabilities across Apple's macOS, iOS, and iPadOS platforms allow local attackers to trigger denial-of-service conditions or leak sensitive memory contents by processing specially crafted files. The vulnerability requires user interaction and local access, affecting multiple OS versions with patches available across the Apple ecosystem. CVSS 4.4 (Medium) severity reflects the limited attack surface and lack of remote exploitability.
Denial of service in Apple macOS, iOS, and iPadOS results from improper state management when processing malicious web content, causing unexpected process crashes. Local attackers with user interaction can trigger this vulnerability to disrupt system availability. No patch is currently available.
Applications on Apple macOS and iOS platforms can circumvent user privacy preferences through a code execution vulnerability affecting multiple OS versions including Tahoe 26.3, Sonoma 14.8.4, Sequoia 15.7.4, and iOS 18.7.5. A local attacker with user interaction can exploit this to access sensitive user data or modify system settings protected by privacy controls. The vulnerability requires patching through official OS updates, as no workaround is currently available.
System process denial of service affecting Apple macOS, iOS, and iPadOS through improper memory handling allows local attackers with physical access to crash critical system processes. The vulnerability impacts multiple recent OS versions including macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and newer releases, with patches available for affected users. This could enable attackers to disrupt system stability and availability on vulnerable Apple devices.
Root-privileged applications on macOS can bypass information redaction mechanisms to access sensitive user data due to inadequate access controls. This affects macOS Tahoe 26.3 and earlier versions, allowing a malicious or compromised privileged app to read private information that should be protected. No patch is currently available for this vulnerability.
macOS cache handling vulnerability CVE-2026-20602 allows local users with standard privileges to trigger a denial-of-service condition on affected systems running macOS Sonoma 14.8.4 and earlier, macOS Sequoia 15.7.4 and earlier, or macOS Tahoe 26.3 and earlier. No patch is currently available for this issue.
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. [CVSS 3.3 LOW]
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. [CVSS 6.0 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. [CVSS 7.5 HIGH]
A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5. [CVSS 5.5 MEDIUM]
A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. [CVSS 5.5 MEDIUM]
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. [CVSS 5.5 MEDIUM]
Arbitrary code execution in OpenTelemetry Go SDK versions 1.20.0 through 1.39.0 on macOS results from insecure PATH resolution when executing the ioreg system command during resource detection. A local attacker with the ability to modify the PATH environment variable can hijack the command search path and execute arbitrary code with the privileges of the affected application. The vulnerability is resolved in version 1.40.0 and later.
Native Access on macOS allows local authenticated attackers to inject malicious libraries into the privileged XPC helper process due to overly permissive code signing entitlements, enabling arbitrary code execution with system-level privileges. The vulnerability stems from the application being signed with dyld environment variable and library validation bypass entitlements while communicating with a trusted helper that validates only the signing certificate. Public exploit code exists, and no patch is currently available.
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls. [CVSS 7.8 HIGH]
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 26.1 and iPadOS 26.1, Pages 15.1, macOS Tahoe 26.1. [CVSS 4.3 MEDIUM]
The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. [CVSS 5.5 MEDIUM]
Symlink poisoning via race condition in node-tar up to version 7.5.3 allows attackers to exploit Unicode normalization on case-insensitive filesystems like macOS APFS, where the path reservation system fails to serialize operations on colliding paths. Public exploit code exists for this vulnerability, enabling concurrent processing that bypasses internal safeguards. Node.js users and applications depending on vulnerable tar versions should update immediately, as attackers can leverage this to manipulate file operations during archive extraction.
Macos versions up to 26.0 is affected by insertion of sensitive information into log file (CVSS 5.5).
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. [CVSS 3.3 LOW]
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. [CVSS 3.3 LOW]
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. [CVSS 5.3 MEDIUM]
This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. [CVSS 2.4 LOW]
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. [CVSS 7.8 HIGH]
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. [CVSS 3.3 LOW]
A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. [CVSS 4.3 MEDIUM]
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. [CVSS 6.5 MEDIUM]
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. [CVSS 5.5 MEDIUM]
A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. [CVSS 4.3 MEDIUM]
AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects Eddie: 2.24.6.
A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Unicode right-to-left override (RTLO) characters in malicious websites can spoof filenames displayed in Firefox for iOS downloads UI, potentially tricking users into saving files with misleading extensions and types. Affects Firefox for iOS versions prior to 144.0; requires user interaction to download a file. The vulnerability has low real-world exploitation probability (EPSS 0.04%) despite the moderate CVSS score, as it relies on social engineering and user inattention rather than automatic code execution.
Local authenticated applications on iOS and iPadOS can access user-sensitive data due to insufficient entitlement checks, affecting iOS 18.7.2 and earlier and iPadOS 18.7.2 and earlier (as well as iOS 26.1 and iPadOS 26.1 and earlier). An attacker with app installation capability can exploit this vulnerability to bypass privacy controls and exfiltrate protected user information. No public exploit identified at time of analysis, though the 5.5 CVSS score and information disclosure classification indicate moderate real-world risk in targeted attack scenarios.
Local privilege escalation in Apple operating systems (iOS, iPadOS, macOS Tahoe, visionOS, watchOS) allows authenticated applications to bypass payment token access restrictions and obtain sensitive payment credentials. The vulnerability affects all versions prior to the 26.2 release across affected platforms. CVSS 5.5 with low real-world exploitation risk (EPSS 0.01%), no public exploit identified, not listed in CISA KEV.
A logic validation flaw in macOS Sonoma and Tahoe allows local authenticated apps to access sensitive user data through improved validation mechanisms that were previously insufficient. The vulnerability affects macOS Sonoma versions prior to 14.8.4 and macOS Tahoe prior to 26.2, requiring local access and valid user privileges (PR:L) to exploit. With an EPSS score of 0.02% and no public exploit code identified, the real-world exploitation probability remains minimal despite the CVSS 5.5 rating, though the high confidentiality impact (C:H) warrants timely patching for systems handling sensitive information.
Safari and macOS allow local authenticated applications to access sensitive user data through improper permission enforcement. The vulnerability affects Safari versions prior to 26.2 and macOS versions prior to Tahoe 26.2, exploitable by apps running with user-level privileges that can bypass authorization checks to read protected user information. Apple has released patched versions with additional permission validation; EPSS data indicates minimal real-world exploitation likelihood despite the authenticated local attack vector.
Installed app enumeration via permissions bypass in Apple operating systems allows a locally authenticated app to discover what other applications a user has installed through insufficient access controls. Affects iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, macOS Tahoe 26.1 and earlier, tvOS 26.1 and earlier, visionOS 26.1 and earlier, and watchOS 26.1 and earlier. The vulnerability has a low CVSS score (3.3) with extremely low exploitation probability (EPSS 0.02%) and no public exploit identified at time of analysis.
Local apps on Apple devices can access a user's Safari browsing history due to insufficient data redaction in system logging, affecting iOS, iPadOS, macOS Tahoe, and watchOS prior to version 26.2. An attacker with local app execution privileges can extract sensitive Safari history from system logs without user interaction. This vulnerability carries a 3.3 CVSS score with minimal real-world exploitation probability (EPSS 0.01%) and no known public exploits.
Use-after-free memory corruption in Apple's WebKit rendering engine allows remote attackers to crash Safari and iOS/iPadOS applications by processing maliciously crafted web content, requiring only user interaction (page visit) and no authentication. The vulnerability affects Safari 26.2, iOS 18.7.3 and iOS 26.2, iPadOS 18.7.3 and iPadOS 26.2, and macOS Tahoe 26.2 and earlier versions. With an EPSS score of 0.06% and no public exploit confirmed, this represents a low real-world exploitation priority despite the moderate CVSS 4.3 severity rating, with impact limited to denial of service through process termination.
Memory corruption vulnerability in Apple's HID (Human Interface Device) input handling subsystem affecting iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. A malicious HID device can trigger unexpected process crashes through improved input validation failures, resulting in denial of service. The vulnerability has a CVSS score of 5.7 (medium severity) with adjacent network attack vector and requires user interaction; no evidence of active exploitation or public POC is indicated in available intelligence.
Safari and Apple operating systems contain a race condition that crashes the rendering process when processing maliciously crafted web content, affecting Safari 26.2 and earlier, iOS 18.7.3 and earlier, iPadOS 18.7.3 and earlier, macOS Tahoe 26.2 and earlier, tvOS 26.2 and earlier, visionOS 26.2 and earlier, and watchOS 26.2 and earlier. The vulnerability requires user interaction (clicking a malicious link or visiting a hostile website) and has high attack complexity, resulting in denial of service through process crash rather than data compromise. No public exploit code has been identified, EPSS exploitation probability is very low at 0.12%, and Apple has released patched versions across all affected platforms.
WebKit arbitrary code execution via use-after-free memory corruption affects Safari 26.2, iOS/iPadOS 18.7.3 through 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2, allowing remote attackers to execute arbitrary code by convincing users to visit malicious websites. This vulnerability is confirmed actively exploited (CISA KEV) in extremely sophisticated targeted attacks against specific individuals on iOS versions prior to iOS 26, per Apple's security bulletin. EPSS score of 0.12% (32nd percentile) significantly understates real-world risk given confirmed exploitation. Related vulnerability CVE-2025-14174 was issued for the same exploitation campaign, suggesting a complex attack chain targeting Apple ecosystem users.
Apple Safari and macOS Lockdown Mode can be bypassed to access restricted Web APIs through maliciously crafted file URLs due to insufficient URL validation. Affects Safari 26.2 and macOS Tahoe 26.2 on systems with Lockdown Mode enabled. Remote attackers can potentially execute high-impact attacks leveraging APIs meant to be restricted in high-security configurations. EPSS score of 0.06% (18th percentile) indicates low observed exploitation probability. No public exploit identified at time of analysis. This represents a serious compromise of Apple's enhanced security feature designed to protect high-risk users from targeted attacks.
Unauthenticated access to Hidden Photos Album in Apple iOS, iPadOS, macOS, and visionOS allows remote attackers to view protected photos without authentication due to a configuration flaw. Fixed in iOS/iPadOS 26.2, macOS Tahoe 26.2, and visionOS 26.2. CVSS 9.8 (Critical) reflects network-based unauthenticated access, though EPSS of 0.13% (32nd percentile) suggests low observed exploitation probability. No public exploit identified at time of analysis, and not listed in CISA KEV. This represents a privacy-critical authentication bypass affecting Apple's Photos app across all major platforms.
Improper file handling in macOS allows local applications to access protected user data through a logic flaw in the operating system's file access controls. The vulnerability affects macOS Sequoia, Sonoma, and Tahoe, requiring user interaction to trigger exploitation and resulting in unauthorized disclosure of sensitive information without the ability to modify or disable system access. Apple has released patched versions (macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2), with no public exploit code identified at time of analysis.
FaceTime caller ID spoofing vulnerability in Apple operating systems allows remote attackers to spoof their caller identity due to inconsistent user interface state management. Affected versions include iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, macOS Sequoia 15.7.2 and earlier, macOS Sonoma 14.8.2 and earlier, macOS Tahoe 26.1 and earlier, visionOS 26.1 and earlier, and watchOS 26.1 and earlier. The vulnerability requires no user interaction or authentication and carries low real-world exploitation risk (EPSS 0.07%, percentile 21%), with no public exploit code or active exploitation confirmed.
Local privilege escalation to root on Apple platforms via integer overflow in timestamp handling allows authenticated users with low-level access to fully compromise system integrity and confidentiality. Affects iOS, iPadOS, macOS (Sequoia, Sonoma, Tahoe), tvOS, visionOS, and watchOS prior to February 2025 security updates. Vendor-released patches available across all platforms. EPSS probability is minimal (0.02%, 4th percentile), and no public exploit identified at time of analysis, though the local attack vector with low complexity and authenticated requirement reduces remote exploitation risk but creates insider threat exposure.
Local apps can access sensitive user data through improved privacy controls in Apple operating systems across iOS, iPadOS, macOS, visionOS, and watchOS. The vulnerability requires local network access and an authenticated user session (PR:L), limiting exposure to installed applications with explicit permissions. Confirmed patches are available across all affected platforms, and exploitation probability is very low (EPSS 0.02%), indicating this is a privacy-boundary issue rather than a critical security flaw.
Password field disclosure in Apple operating systems allows remote observation of credentials during FaceTime screen sharing sessions. Affects iOS/iPadOS 18.x through 18.7.2, iOS/iPadOS 26.0-26.1, macOS Sequoia through 15.7.2, macOS Tahoe through 26.1, and visionOS through 26.1. Attackers with network access to FaceTime sessions can view password fields that should be masked, creating credential exposure risk during remote support or collaboration scenarios. EPSS score of 0.03% (10th percentile) indicates low automated exploitation probability, and no public exploit identified at time of analysis.
Memory corruption via out-of-bounds write in Apple operating systems allows remote attackers to execute arbitrary code when victims process a malicious file. The vulnerability affects macOS (Sonoma 14.x, Sequoia 15.x, Tahoe 26.x), iOS/iPadOS (18.x, 26.x), tvOS, visionOS, and watchOS 26.x. Despite a high CVSS score of 8.8, EPSS data indicates only 0.05% exploitation probability (15th percentile), and no public exploit code or active exploitation is confirmed. The flaw stems from inadequate bounds checking (CWE-787) in file processing routines, requiring user interaction but no authentication, making it a realistic phishing or malicious download target.
Local apps can access sensitive user data through inadequate log redaction in Apple's operating systems, affecting iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, iOS 26.1 and earlier, iPadOS 26.1 and earlier, macOS Sonoma 14.8.2 and earlier, macOS Tahoe 26.1 and earlier, visionOS 26.1 and earlier, and watchOS 26.1 and earlier. The vulnerability requires local app execution with limited user privileges but no interaction, resulting in unauthorized read access to sensitive data stored in application logs. While EPSS probability is minimal (0.01%), the local attack vector and high confidentiality impact warrant patching in environments where untrusted apps may be installed.
Memory corruption in Apple operating systems due to insufficient bounds checking allows local authenticated users to cause denial of service through malicious data processing, affecting iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability requires local access and user interaction, with no public exploit identified; EPSS score of 0.02% indicates minimal real-world exploitation probability despite the assigned CVSS score of 2.8.
Local apps on Apple macOS and iPadOS can access sensitive user data through inadequate information disclosure controls, requiring local execution and low-level user privileges. Affected versions include iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, macOS Sequoia 15.7.2 and earlier, macOS Sonoma 14.8.2 and earlier, and macOS Tahoe 26.1 and earlier. Apple has released patched versions (iOS 18.7.3, iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2) with improved access controls to restrict unauthorized data exposure. With an EPSS score of 0.02% (4th percentile) and no public exploit code identified at time of analysis, this represents a low real-world exploitation probability despite the moderate CVSS score.
Local privilege escalation in macOS Sequoia (pre-15.7.3) and macOS Tahoe (pre-26.2) allows authenticated users with low-level privileges to gain root access via a permissions flaw. Apple addressed the issue with additional restrictions in the latest updates. EPSS score of 0.01% indicates minimal observed exploitation activity, and no public exploit identified at time of analysis.
Local privilege escalation in macOS allows unprivileged applications to access sensitive user data through a permissions bypass. Affects macOS Sequoia versions prior to 15.7.3 and macOS Tahoe prior to 26.2. Attack requires local system access and user interaction (UI:R). EPSS exploitation probability is very low at 0.02%, and no public exploit code or active exploitation has been reported.
Intel-based Mac computers running macOS Sequoia prior to 15.7.3 or macOS Tahoe prior to 26.2 are vulnerable to a cryptographic downgrade attack that allows unprivileged local applications to bypass code-signing restrictions and access sensitive user data. The vulnerability exploits inadequate validation of signed components, enabling information disclosure through JWT or similar signed-data attacks. Active exploitation has not been confirmed, and the extremely low EPSS score (0.01%) indicates minimal real-world exploitation risk despite the local attack vector.
Local privilege escalation on Intel-based macOS systems allows unsigned or weakly-signed applications to access sensitive user data by downgrading code-signing protections through cryptographic validation bypass. The vulnerability affects macOS Sequoia prior to 15.7.3 and macOS Tahoe prior to 26.2, requires user interaction to execute a malicious app, and has an extremely low exploitation probability (EPSS 0.01%) despite moderate CVSS severity. No active exploitation or public exploit code has been identified.
Apple kernel memory corruption in multiple operating systems allows a malicious application to cause unexpected system termination or write kernel memory via an out-of-bounds write flaw addressed in watchOS 26.1, iOS 18.7.2, and macOS Tahoe 26.1.
Local privilege escalation in macOS allows authenticated applications to access sensitive user data through insufficient permission restrictions on Sequoia, Sonoma, and Tahoe versions. The vulnerability requires local access and low-privilege user context but enables high-impact confidentiality compromise without requiring user interaction or elevated privileges to trigger. A vendor-released patch is available across all affected macOS versions.
Local privilege escalation in Apple's spellcheck API allows authenticated users to inappropriately access files on macOS, iOS, and related platforms through a logic flaw in access controls. Affected versions include macOS Sonoma 14.x and earlier, macOS Sequoia 15.7.2 and earlier, iOS 18.x and earlier, iPadOS 18.x and earlier, and watchOS 11.x and earlier. This vulnerability requires local access and user-level privileges but carries a low EPSS score (0.01%, percentile 3%) indicating minimal real-world exploitation likelihood at present. No public exploit code or active exploitation has been identified.
macOS logging system fails to redact protected user data from log entries, allowing local authenticated applications to access sensitive information through log files across Sequoia, Sonoma, and Tahoe versions. Apple addressed this privacy issue by improving data redaction mechanisms in patched versions (macOS Sequoia 15.7.3, Sonoma 14.8.3, Tahoe 26.2). No public exploit identified at time of analysis, with EPSS exploitation probability at 0.01% (3rd percentile), indicating minimal real-world risk despite local attack vector.
Session fixation in macOS Voice Control allows authenticated local users to transcribe another user's activity on the same system, disclosing sensitive information without user interaction. The vulnerability affects macOS Sequoia, Sonoma, and Tahoe and is fixed in versions 15.7.3, 14.8.3, and 26.2 respectively. Real-world risk is minimal due to low EPSS (0.01%), requirement for local access and prior authentication, and the need for Voice Control to be explicitly enabled.
Local arbitrary applications on macOS can read sensitive location information due to a permissions validation flaw (CWE-284), affecting macOS Sequoia, Sonoma, and Tahoe. The vulnerability requires user interaction to trigger but grants unauthorized access to location data without proper authorization checks. Apple has released patches in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, and macOS Tahoe 26.2 to remediate the issue by removing the vulnerable code. No public exploit or active exploitation has been confirmed.
Local privilege escalation in Apple macOS (Sonoma 14.x, Sequoia 15.x, Tahoe 26.x) and iOS/iPadOS 18.x allows authenticated users to gain elevated system privileges through malicious applications exploiting a logic flaw in privilege checking mechanisms. Apple has released patches across all affected platforms (iOS 18.7.3, iPadOS 18.7.3, macOS Sequoia 15.7.3, Sonoma 14.8.3, Tahoe 26.2). No public exploit identified at time of analysis, with EPSS score of 0.01% (3rd percentile) indicating minimal observed exploitation activity.
Use-after-free memory corruption in Apple WebKit allows remote attackers to crash Safari and iOS/iPadOS applications via maliciously crafted web content, resulting in denial of service. The vulnerability affects Safari 26.2, iOS 18.7.2 and 26.2, iPadOS 18.7.2 and 26.2, macOS Tahoe 26.2, visionOS 26.2, and watchOS 26.2. No public exploit code has been identified, and the vulnerability is not confirmed as actively exploited; however, the network-accessible attack vector and low complexity make it a moderate priority despite the low EPSS score.
Apple kernel lock state checking flaw allows a malicious application to cause unexpected changes in memory shared between processes, potentially enabling cross-process data manipulation on iOS, macOS, and other Apple platforms.
Improper data access control in macOS allows local applications to read sensitive user data without explicit user consent, exploitable through user interaction. The vulnerability affects macOS Sequoia (before 15.7.3), macOS Sonoma (before 14.8.3), and macOS Tahoe (before 26.2). No public exploit code or active exploitation has been identified; EPSS probability is extremely low at 0.01%, indicating minimal real-world attack likelihood despite the moderate CVSS score.
Mail header parsing flaw in Apple operating systems allows unauthenticated remote attackers to trigger persistent denial-of-service conditions across iOS, iPadOS, macOS, visionOS, and watchOS platforms. The vulnerability affects all major Apple OS releases prior to January 2025 patches (iOS/iPadOS 18.7.2/26.1, macOS Sequoia 15.7.2/Sonoma 14.8.2/Tahoe 26.1, visionOS 26.1, watchOS 26.1). With EPSS exploitation probability at 0.19% (41st percentile) and no public exploit identified at time of analysis, real-world risk appears moderate despite the 7.5 CVSS score.