
iOS

212 CVEs

CVE-2026-28864 LOW PATCH Monitor

A local privilege escalation vulnerability in Apple's Keychain implementation allows an attacker with local access to bypass permissions checking and retrieve sensitive stored credentials and secrets. The vulnerability affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, macOS Tahoe 26.4 and earlier, visionOS 26.4 and earlier, and watchOS 26.4 and earlier. No public exploitation has been confirmed, and patched versions are now available across all affected platforms.

Authentication Bypass Apple iOS macOS
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-20691 MEDIUM PATCH This Month

An authorization and state management flaw in Apple's WebKit browser engine allows maliciously crafted webpages to fingerprint users by exploiting improper state handling during web interactions. This vulnerability affects Safari 26.4, iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, and watchOS 26.4 across all Apple platforms. An attacker can exploit this by hosting a specially crafted webpage that leverages the state management weakness to extract browser or device identifiers without user knowledge, enabling user tracking and profiling attacks. No CVSS score, EPSS data, or public proof-of-concept details are currently available, though Apple has released fixes across all affected platforms.

Information Disclosure Apple iOS macOS Red Hat +2
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20668 MEDIUM PATCH This Month

A logging issue in Apple's operating systems allows improper data redaction in system logs, enabling installed applications to access sensitive user data that should have been masked. This vulnerability affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.3 and earlier, iPadOS 26.3 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, macOS Tahoe 26.3 and earlier, and visionOS 26.3 and earlier. An attacker with the ability to install or control an application on an affected device could exploit inadequate log data filtering to extract confidential user information that should be protected by the operating system's redaction mechanisms.

Information Disclosure Apple iOS macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20687 HIGH PATCH This Week

Apple's iOS, iPadOS, macOS, tvOS, and watchOS contain a use-after-free vulnerability that could allow a local attacker to corrupt kernel memory or cause unexpected system crashes. An installed application can trigger this memory corruption flaw through user interaction, potentially leading to denial of service or unauthorized kernel-level modifications. No patch is currently available for this vulnerability (CVSS 7.1).

Denial Of Service Use After Free Memory Corruption Apple iOS +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-43534 MEDIUM PATCH This Month

A path handling vulnerability in iOS and iPadOS allows users with physical access to an iOS device to bypass Activation Lock through a gap in path handling validation. This authentication bypass affects iOS versions prior to 18.7.7 and 26.2, as well as corresponding iPadOS releases. While no CVSS score or EPSS data is publicly available, the physical access requirement and authentication bypass nature indicate a meaningful risk to device security and stolen device protection.

Authentication Bypass Apple iOS
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-28868 MEDIUM PATCH This Month

A logging issue in Apple's operating systems allows improper data redaction, potentially enabling applications to disclose kernel memory contents. This information disclosure vulnerability affects iOS and iPadOS (versions prior to 18.7.7 and 26.4), macOS (Sequoia 15.7.5, Sonoma 14.8.5, Tahoe 26.4), visionOS 26.4, and watchOS 26.4. An untrusted application with standard execution privileges could exploit this to read sensitive kernel memory that should have been redacted from logs, potentially exposing cryptographic material, memory addresses useful for ASLR bypass, or other privileged information. No CVSS score, EPSS data, or public proof-of-concept has been disclosed at this time, and this does not appear on the CISA Known Exploited Vulnerabilities (KEV) catalog.

Information Disclosure Apple iOS macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20664 MEDIUM PATCH This Month

Memory corruption in Apple Safari, iOS, iPadOS, macOS, and visionOS allows remote attackers to crash affected processes by delivering maliciously crafted web content to users. The vulnerability requires user interaction to view the malicious content and does not enable code execution or information disclosure. A patch is currently unavailable for this issue.

Buffer Overflow Memory Corruption Apple iOS macOS +3
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28852 MEDIUM PATCH This Month

Apple iOS, iPadOS, macOS, tvOS, visionOS, and watchOS are vulnerable to a stack overflow vulnerability that can be triggered by user interaction with a malicious app, potentially causing denial-of-service conditions. The vulnerability stems from insufficient input validation and affects multiple recent OS versions across Apple's product ecosystem. While no patch is currently available, users should exercise caution when installing apps from untrusted sources.

Buffer Overflow Apple iOS macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20665 MEDIUM PATCH This Month

This vulnerability allows attackers to bypass Content Security Policy (CSP) enforcement in Apple's WebKit engine through maliciously crafted web content, affecting Safari and all Apple platforms including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability stems from improper state management during web content processing, enabling attackers to circumvent a critical security control that prevents injection attacks and unauthorized script execution. While no CVSS score or EPSS data is currently available, the broad platform impact across Apple's entire ecosystem and the fundamental nature of CSP bypass as an information disclosure vector indicate significant real-world risk.

Information Disclosure Apple iOS macOS Red Hat +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28886 MEDIUM PATCH This Month

Denial-of-service attacks against multiple Apple platforms (iOS, iPadOS, macOS, tvOS, visionOS, and watchOS) result from improper null pointer handling that allows attackers in privileged network positions to crash affected systems. An attacker exploiting this CWE-476 vulnerability can render devices unavailable without user interaction. No patch is currently available, requiring users to apply mitigations until updates are released.

Denial Of Service Null Pointer Dereference Apple iOS macOS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-20686 MEDIUM PATCH This Month

An input validation flaw in iOS and iPadOS allows malicious applications to bypass security controls and access sensitive user data without proper authorization. The vulnerability affects iOS and iPadOS versions prior to 26.3, where insufficient input validation in an unspecified component permits unauthorized data disclosure. Apple has patched this vulnerability in iOS 26.3 and iPadOS 26.3, and there are no public indicators of active exploitation or proof-of-concept availability.

Information Disclosure Apple iOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-20690 MEDIUM PATCH This Month

Out-of-bounds memory access in Apple's audio processing, triggered by maliciously crafted media files, can crash affected applications across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. An attacker can cause a denial of service with a specially crafted audio stream, and no patch is currently available. The issue affects multiple recent OS versions, where an out-of-bounds read occurs during media file processing.

Buffer Overflow Information Disclosure Apple iOS macOS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28865 HIGH PATCH This Week

Improper state management in Apple's authentication mechanisms across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows attackers positioned on a network to intercept and potentially manipulate encrypted traffic. An attacker with privileged network access can exploit this vulnerability to conduct man-in-the-middle attacks without user interaction, compromising the confidentiality of communications. No patch is currently available for this high-severity flaw.

Authentication Bypass Apple iOS macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28874 HIGH PATCH This Week

Unpatched denial-of-service vulnerability in Apple iOS and iPadOS allows unauthenticated remote attackers to crash applications due to insufficient input validation. The vulnerability requires no user interaction and affects all versions prior to 26.4, with no security patch currently available.

Denial Of Service Apple iOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28858 CRITICAL PATCH Act Now

Insufficient bounds checking in Apple iOS and iPadOS 26.4 allows unauthenticated remote attackers to trigger buffer overflow conditions that corrupt kernel memory or cause system crashes without user interaction. This critical vulnerability affects all devices running the affected OS versions and has no available patch. An attacker can exploit this flaw over the network to achieve denial of service or potentially escalate privileges through kernel memory corruption.

Buffer Overflow Apple iOS
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-28859 MEDIUM PATCH This Month

A sandbox escape vulnerability in Apple's WebKit browser engine allows malicious websites to process restricted web content outside the security sandbox, potentially enabling unauthorized access to protected system resources. The vulnerability affects Safari and all Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Apple has addressed this issue through improved memory handling in Safari 26.4 and corresponding OS updates across all affected platforms.

Buffer Overflow Information Disclosure Apple iOS macOS +3
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28875 HIGH PATCH This Week

iOS and iPadOS devices are vulnerable to denial-of-service attacks due to insufficient buffer bounds checking that allows remote attackers to crash affected systems without authentication. The vulnerability affects iOS 26.4 and earlier versions, requiring network access but no user interaction. No patch is currently available for this HIGH severity issue.

Buffer Overflow Apple iOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28822 MEDIUM PATCH This Month

Type confusion in Apple's iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows local attackers to trigger unexpected application termination through memory corruption. The vulnerability affects multiple OS versions and currently lacks a publicly available patch. An attacker with local access can exploit this to cause denial of service by crashing targeted applications.

Information Disclosure Memory Corruption Apple iOS macOS
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28855 HIGH PATCH This Week

A permissions enforcement vulnerability in Apple's operating systems allows applications to bypass access controls and read protected user data without proper authorization. The issue affects iOS and iPadOS versions prior to 26.3, and macOS Tahoe prior to 26.3. An attacker with a malicious app could exploit insufficient permission restrictions to access sensitive user information such as contacts, location data, photos, or other protected resources that should require explicit user consent.

Authentication Bypass Apple iOS macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28879 MEDIUM PATCH This Month

Apple's iOS, iPadOS, macOS, tvOS, visionOS, and watchOS contain a use-after-free vulnerability that could allow remote attackers to crash affected applications by processing maliciously crafted web content. The vulnerability stems from improper memory management and requires user interaction to exploit. No patch is currently available, leaving users vulnerable until official updates are released.

Denial Of Service Use After Free Memory Corruption Apple iOS +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28880 MEDIUM PATCH This Month

A permissions enforcement vulnerability in Apple operating systems allows unauthorized enumeration of installed applications on a user's device. This information disclosure issue affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, macOS Tahoe 26.4 and earlier, and visionOS 26.4 and earlier. An attacker with the ability to execute code as an installed application could enumerate the complete list of user-installed applications without explicit user permission, enabling targeted attacks, privacy violations, and device profiling.

Authentication Bypass Apple iOS macOS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28856 MEDIUM PATCH This Month

This vulnerability allows an attacker with physical access to a locked Apple device to view sensitive user information through an authentication bypass. The issue affects iOS and iPadOS versions prior to 26.4, visionOS prior to 26.4, and watchOS prior to 26.4 across all affected device lines. Apple has patched this through improved authentication mechanisms, and while no CVSS score, EPSS data, or known exploits-in-the-wild status are publicly disclosed, the physical access requirement and information disclosure impact characterize this as a moderate-priority security update for users in environments with theft or unauthorized device access risks.

Authentication Bypass Apple iOS
NVD VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-28895 MEDIUM PATCH This Month

A bypass vulnerability exists in iOS and iPadOS Stolen Device Protection that allows an attacker with physical access to an iOS device to circumvent biometric authentication and access protected apps using only the device passcode. This vulnerability affects devices running iOS and iPadOS versions prior to 26.4, where Stolen Device Protection is enabled. An attacker gaining physical possession of a locked device can exploit this flaw to access biometrics-gated Protected Apps, effectively defeating the intended security mechanism that requires biometric verification (Face ID or Touch ID) in addition to the passcode for sensitive app access.

Authentication Bypass Apple iOS
NVD VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-20637 MEDIUM PATCH This Month

Denial of service in Apple iOS, iPadOS, and macOS due to a use-after-free memory corruption vulnerability allows local attackers to trigger unexpected system termination. The flaw affects multiple Apple platforms including iOS 18.x, macOS Sequoia, Sonoma, and Tahoe versions. No patch is currently available.

Denial Of Service Use After Free Memory Corruption Apple iOS +1
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28876 HIGH PATCH This Week

Improper path validation in Apple's operating systems (iOS, iPadOS, macOS, and visionOS) allows applications to bypass directory access restrictions and read sensitive user data without user interaction. An attacker with a malicious app could exploit this parsing weakness to access confidential information across affected Apple devices. No patch is currently available, though Apple has released fixed versions across its product line.

Authentication Bypass Apple iOS macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-20694 MEDIUM PATCH This Month

This vulnerability involves improper handling of symbolic links in Apple operating systems that could allow an application to access user-sensitive data without proper authorization. The flaw affects iOS and iPadOS versions prior to 26.3, macOS Sequoia versions prior to 15.7.4, macOS Sonoma versions prior to 14.8.4, and macOS Tahoe versions prior to 26.3 and 26.4. An attacker with the ability to execute code in a sandboxed application context could potentially bypass security restrictions to access protected user information, though no active exploitation in the wild has been confirmed at this time.

Information Disclosure Apple iOS macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20698 HIGH PATCH This Week

This vulnerability is a memory handling flaw in Apple's operating systems (iOS, iPadOS, macOS, tvOS, visionOS, and watchOS) that allows a malicious application to trigger unexpected system termination or corrupt kernel memory. The vulnerability affects all versions prior to the version 26.4 releases across Apple's entire ecosystem. An attacker can exploit this by crafting a malicious app that triggers improper memory handling, potentially leading to denial of service or privilege escalation through kernel memory corruption.

Buffer Overflow Memory Corruption Apple iOS macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-28894 HIGH PATCH This Week

Remote attackers can trigger denial-of-service conditions against multiple Apple operating systems (iOS, iPadOS, macOS variants) through network requests that bypass insufficient input validation. The vulnerability affects iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.4 and earlier, macOS Sonoma 14.8.4 and earlier, and macOS Tahoe 26.3 and earlier. No patch is currently available for this high-severity vulnerability with a 7.5 CVSS score.

Information Disclosure Apple iOS macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28857 MEDIUM PATCH This Month

This vulnerability affects Apple's Safari browser and related Apple operating systems (iOS, iPadOS, macOS Tahoe, and visionOS) due to improper memory handling when processing maliciously crafted web content. The flaw can lead to unexpected process crashes, resulting in a denial of service condition affecting all users of the impacted Safari versions and OS versions below 26.4. While no CVSS score or EPSS data is currently published, the vulnerability has been patched by Apple, suggesting it was discovered through internal security review or responsible disclosure rather than active exploitation.

Buffer Overflow Information Disclosure Apple iOS macOS +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28866 MEDIUM PATCH This Month

A symlink validation vulnerability in Apple's iOS, iPadOS, and macOS operating systems allows malicious applications to bypass file system protections and access sensitive user data through improper handling of symbolic links. The vulnerability affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, and macOS Tahoe 26.4 and earlier. An attacker with the ability to install or execute an application on the affected system could leverage this weakness to read restricted files and access private user information without proper authorization.

Information Disclosure Apple iOS macOS
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-20688 CRITICAL PATCH Act Now

Sandbox escape vulnerability in Apple iOS, iPadOS, macOS, and visionOS allows local attackers to break out of application sandboxes through improper path validation, potentially enabling unauthorized access to system resources and data. An attacker with local access could leverage this flaw to execute arbitrary operations outside application boundaries and bypass security restrictions. No patch is currently available for this critical vulnerability affecting multiple Apple platforms.

Path Traversal Apple iOS macOS
NVD VulDB
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-28867 MEDIUM PATCH This Month

A kernel state information disclosure vulnerability exists across Apple's entire platform ecosystem that allows a malicious application to leak sensitive kernel memory without requiring elevated privileges. The vulnerability affects iOS and iPadOS versions prior to 18.7.7 and 26.4, macOS Sequoia prior to 15.7.5, macOS Tahoe 26.4, and tvOS, visionOS, and watchOS 26.4. An attacker can craft a specially designed app that exploits improper authentication mechanisms to access protected kernel state, potentially exposing cryptographic keys, memory addresses, or other sensitive operating system internals that could be chained with other vulnerabilities.

Information Disclosure Apple iOS macOS
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-20692 MEDIUM PATCH This Month

A privacy vulnerability in Apple's Mail application allows the "Hide IP Address" and "Block All Remote Content" user preferences to fail inconsistently across certain mail content, potentially exposing user IP addresses and loading remote content despite explicit user configuration. This affects iOS, iPadOS, and multiple macOS versions. While no CVSS score or EPSS data is currently available and there is no indication of active exploitation in the wild (KEV status not listed), the vulnerability represents a direct circumvention of privacy controls that users explicitly enable to protect their identity and security posture.

Information Disclosure Apple iOS macOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32318 HIGH PATCH This Week

A man-in-the-middle vulnerability in Cryptomator for iOS versions prior to 2.8.3 allows attackers who can modify the vault.cryptomator configuration file to intercept authentication tokens by substituting malicious API endpoints while maintaining legitimate authentication endpoints. This affects users unlocking Hub-backed vaults in environments where attackers have write access to vault configuration files. No evidence of active exploitation (not in CISA KEV) has been reported, and patches are available.

Information Disclosure Apple iOS Hashicorp
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-20643 MEDIUM PATCH NEWS This Month

A denial of service vulnerability in A cross-origin (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Apple iOS macOS Red Hat +1
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-43010 HIGH PATCH This Week

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. [CVSS 8.8 HIGH]

Buffer Overflow Memory Corruption Apple iOS macOS +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3930 MEDIUM PATCH This Month

Google Chrome on iOS, versions up to 146.0.7680.71, contains an unsafe navigation vulnerability in Navigation.

Authentication Bypass Chrome Google Apple iOS +2
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-31852 CRITICAL Act Now

Arbitrary code execution in Jellyfin iOS GitHub Actions workflow. CVSS 10.0.

Privilege Escalation RCE Apple iOS
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-26327 npm MEDIUM PATCH This Month

OpenClaw's mDNS/Bonjour discovery beacons transmit unauthenticated TXT records that iOS, macOS, and Android clients treat as authoritative for routing and TLS certificate pinning, allowing an attacker on a shared LAN to advertise a rogue service and redirect connections to attacker-controlled endpoints. An attacker can exploit this to bypass TLS pinning validation and potentially capture Gateway credentials through man-in-the-middle attacks. The vulnerability affects OpenClaw versions prior to 2026.2.14 and requires network proximity but no user interaction.

TLS Apple iOS macOS Android +2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20700 HIGH POC KEV THREAT Act Now

Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CVE-2026-20700, CVSS 7.8) that allows attackers with memory write capability to execute arbitrary code at the kernel level. KEV-listed with Apple confirming reports of sophisticated in-the-wild exploitation, this represents an active zero-day targeting the Apple ecosystem at its most fundamental security boundary.

RCE Buffer Overflow Apple iOS macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
Threat
4.6
CVE-2026-20682 MEDIUM This Month

Deleted notes on affected Apple iOS and iPadOS devices remain accessible due to improper state management, allowing unauthenticated remote attackers to discover sensitive deleted content without user interaction. This information disclosure vulnerability affects iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5, with no patch currently available for earlier versions.

Information Disclosure Apple iOS
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-20674 MEDIUM This Month

iOS and iPadOS devices expose sensitive user information to attackers with physical access to locked devices due to improper data handling in the system. The vulnerability allows unauthorized viewing of confidential information without requiring authentication or user interaction. Apple patched this information disclosure flaw in iOS 26.3 and iPadOS 26.3.

Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-20642 LOW Monitor

An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. [CVSS 2.4 LOW]

Apple iOS
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2026-20640 MEDIUM This Month

iPhone Mirroring in iOS and iPadOS allows an attacker with physical device access to bypass UI protections and capture screenshots containing sensitive information that should remain hidden during the mirroring session. The vulnerability stems from insufficient state management in the user interface, enabling unauthorized viewing of private data on the iPhone while it is being mirrored to a Mac. No patch is currently available for this medium-severity issue.

Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-20638 MEDIUM This Month

A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. [CVSS 5.5 MEDIUM]

Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-12699 MEDIUM This Month

The ZOLL ePCR iOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. [CVSS 5.5 MEDIUM]

XSS iOS
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-11598 Monitor

data exposed depends on the last application view displayed versions up to 4.71.0 contains a security vulnerability.

Information Disclosure iOS
NVD
EPSS
0.0%
CVE-2025-46306 MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. [CVSS 5.5 MEDIUM]

Buffer Overflow Information Disclosure Apple iOS macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-24090 LOW Monitor

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. [CVSS 3.3 LOW]

Apple iOS
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-24089 MEDIUM This Month

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. [CVSS 5.3 MEDIUM]

Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-54556 LOW Monitor

This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. [CVSS 2.4 LOW]

Apple iOS
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-46286 MEDIUM This Month

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. [CVSS 4.3 MEDIUM]

Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-46292 MEDIUM This Month

Local authenticated applications on iOS and iPadOS can access user-sensitive data due to insufficient entitlement checks, affecting iOS 18.7.2 and earlier and iPadOS 18.7.2 and earlier (as well as iOS 26.1 and iPadOS 26.1 and earlier). An attacker with app installation capability can exploit this vulnerability to bypass privacy controls and exfiltrate protected user information. No public exploit identified at time of analysis, though the 5.5 CVSS score and information disclosure classification indicate moderate real-world risk in targeted attack scenarios.

Information Disclosure Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-46288 MEDIUM This Month

Local privilege escalation in Apple operating systems (iOS, iPadOS, macOS Tahoe, visionOS, watchOS) allows authenticated applications to bypass payment token access restrictions and obtain sensitive payment credentials. The vulnerability affects all versions prior to the 26.2 release across affected platforms. CVSS 5.5 with low real-world exploitation risk (EPSS 0.01%), no public exploit identified, not listed in CISA KEV.

Privilege Escalation Information Disclosure Apple iOS Ipados +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-46279 LOW Monitor

Installed app enumeration via permissions bypass in Apple operating systems allows a locally authenticated app to discover what other applications a user has installed through insufficient access controls. Affects iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, macOS Tahoe 26.1 and earlier, tvOS 26.1 and earlier, visionOS 26.1 and earlier, and watchOS 26.1 and earlier. The vulnerability has a low CVSS score (3.3) with extremely low exploitation probability (EPSS 0.02%) and no public exploit identified at time of analysis.

Information Disclosure Apple iOS Ipados Iphone Os +3
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-46277 LOW Monitor

Local apps on Apple devices can access a user's Safari browsing history due to insufficient data redaction in system logging, affecting iOS, iPadOS, macOS Tahoe, and watchOS prior to version 26.2. An attacker with local app execution privileges can extract sensitive Safari history from system logs without user interaction. This vulnerability carries a 3.3 CVSS score with minimal real-world exploitation probability (EPSS 0.01%) and no known public exploits.

Information Disclosure Apple iOS macOS Ipados +2
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43536 MEDIUM PATCH This Month

Use-after-free memory corruption in Apple's WebKit rendering engine allows remote attackers to crash Safari and iOS/iPadOS applications by processing maliciously crafted web content, requiring only user interaction (page visit) and no authentication. The vulnerability affects Safari 26.2, iOS 18.7.3 and iOS 26.2, iPadOS 18.7.3 and iPadOS 26.2, and macOS Tahoe 26.2 and earlier versions. With an EPSS score of 0.06% and no public exploit confirmed, this represents a low real-world exploitation priority despite the moderate CVSS 4.3 severity rating, with impact limited to denial of service through process termination.

Denial Of Service Use After Free Apple iOS macOS +5
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43531 LOW Monitor

Safari and Apple operating systems contain a race condition that crashes the rendering process when processing maliciously crafted web content, affecting Safari 26.2 and earlier, iOS 18.7.3 and earlier, iPadOS 18.7.3 and earlier, macOS Tahoe 26.2 and earlier, tvOS 26.2 and earlier, visionOS 26.2 and earlier, and watchOS 26.2 and earlier. The vulnerability requires user interaction (clicking a malicious link or visiting a hostile website) and has high attack complexity, resulting in denial of service through process crash rather than data compromise. No public exploit code has been identified, EPSS exploitation probability is very low at 0.12%, and Apple has released patched versions across all affected platforms.

Denial Of Service Apple iOS Race Condition macOS +6
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-43428 CRITICAL Act Now

Unauthenticated access to Hidden Photos Album in Apple iOS, iPadOS, macOS, and visionOS allows remote attackers to view protected photos without authentication due to a configuration flaw. Fixed in iOS/iPadOS 26.2, macOS Tahoe 26.2, and visionOS 26.2. CVSS 9.8 (Critical) reflects network-based unauthenticated access, though EPSS of 0.13% (32nd percentile) suggests low observed exploitation probability. No public exploit identified at time of analysis, and not listed in CISA KEV. This represents a privacy-critical authentication bypass affecting Apple's Photos app across all major platforms.

Authentication Bypass Information Disclosure Apple iOS Ipados +2
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-46287 MEDIUM This Month

FaceTime caller ID spoofing vulnerability in Apple operating systems allows remote attackers to spoof their caller identity due to inconsistent user interface state management. Affected versions include iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, macOS Sequoia 15.7.2 and earlier, macOS Sonoma 14.8.2 and earlier, macOS Tahoe 26.1 and earlier, visionOS 26.1 and earlier, and watchOS 26.1 and earlier. The vulnerability requires no user interaction or authentication and carries low real-world exploitation risk (EPSS 0.07%, percentile 21%), with no public exploit code or active exploitation confirmed.

Authentication Bypass Apple iOS macOS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-46285 HIGH This Week

Local privilege escalation to root on Apple platforms via integer overflow in timestamp handling allows authenticated users with low-level access to fully compromise system integrity and confidentiality. Affects iOS, iPadOS, macOS (Sequoia, Sonoma, Tahoe), tvOS, visionOS, and watchOS prior to February 2025 security updates. Vendor-released patches are available across all platforms. EPSS probability is minimal (0.02%, 4th percentile), and no public exploit was identified at time of analysis; the local attack vector with low complexity and an authentication requirement reduces remote exploitation risk but creates insider threat exposure.

Privilege Escalation Integer Overflow Apple iOS macOS
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-46276 MEDIUM This Month

Local apps can access sensitive user data due to insufficient privacy controls in Apple operating systems across iOS, iPadOS, macOS, visionOS, and watchOS. The vulnerability requires local network access and an authenticated user session (PR:L), limiting exposure to installed applications with explicit permissions. Confirmed patches are available across all affected platforms, and exploitation probability is very low (EPSS 0.02%), indicating this is a privacy-boundary issue rather than a critical security flaw.

Information Disclosure Apple iOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43542 HIGH This Week

Password field disclosure in Apple operating systems allows remote observation of credentials during FaceTime screen sharing sessions. Affects iOS/iPadOS 18.x through 18.7.2, iOS/iPadOS 26.0-26.1, macOS Sequoia through 15.7.2, macOS Tahoe through 26.1, and visionOS through 26.1. Attackers with network access to FaceTime sessions can view password fields that should be masked, creating credential exposure risk during remote support or collaboration scenarios. EPSS score of 0.03% (10th percentile) indicates low automated exploitation probability, and no public exploit identified at time of analysis.

Information Disclosure Apple iOS
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-43539 HIGH This Week

Memory corruption via out-of-bounds write in Apple operating systems allows remote attackers to execute arbitrary code when victims process a malicious file. The vulnerability affects macOS (Sonoma 14.x, Sequoia 15.x, Tahoe 26.x), iOS/iPadOS (18.x, 26.x), tvOS, visionOS, and watchOS 26.x. Despite a high CVSS score of 8.8, EPSS data indicates only 0.05% exploitation probability (15th percentile), and no public exploit code or active exploitation is confirmed. The flaw stems from inadequate bounds checking (CWE-787) in file processing routines, requiring user interaction but no authentication, making it a realistic phishing or malicious download target.

Memory Corruption Apple iOS macOS
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-43538 MEDIUM This Month

Local apps can access sensitive user data through inadequate log redaction in Apple's operating systems, affecting iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, iOS 26.1 and earlier, iPadOS 26.1 and earlier, macOS Sonoma 14.8.2 and earlier, macOS Tahoe 26.1 and earlier, visionOS 26.1 and earlier, and watchOS 26.1 and earlier. The vulnerability requires local app execution with limited user privileges but no interaction, resulting in unauthorized read access to sensitive data stored in application logs. While EPSS probability is minimal (0.01%), the local attack vector and high confidentiality impact warrant patching in environments where untrusted apps may be installed.

Information Disclosure Apple iOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43532 LOW Monitor

Memory corruption in Apple operating systems due to insufficient bounds checking allows local authenticated users to cause denial of service through malicious data processing, affecting iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability requires local access and user interaction, with no public exploit identified; EPSS score of 0.02% indicates minimal real-world exploitation probability despite the assigned CVSS score of 2.8.

Denial Of Service Memory Corruption Apple iOS macOS
NVD
CVSS 3.1
2.8
EPSS
0.0%
CVE-2025-43530 MEDIUM This Month

Local apps on Apple macOS and iPadOS can access sensitive user data through inadequate information disclosure controls, requiring local execution and low-level user privileges. Affected versions include iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, macOS Sequoia 15.7.2 and earlier, macOS Sonoma 14.8.2 and earlier, and macOS Tahoe 26.1 and earlier. Apple has released patched versions (iOS 18.7.3, iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2) with improved access controls to restrict unauthorized data exposure. With an EPSS score of 0.02% (4th percentile) and no public exploit code identified at time of analysis, this represents a low real-world exploitation probability despite the moderate CVSS score.

Information Disclosure Apple iOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43518 LOW Monitor

Local privilege escalation in Apple's spellcheck API allows authenticated users to inappropriately access files on macOS, iOS, and related platforms through a logic flaw in access controls. Affected versions include macOS Sonoma 14.x and earlier, macOS Sequoia 15.7.2 and earlier, iOS 18.x and earlier, iPadOS 18.x and earlier, and watchOS 11.x and earlier. This vulnerability requires local access and user-level privileges but carries a low EPSS score (0.01%, percentile 3%) indicating minimal real-world exploitation likelihood at present. No public exploit code or active exploitation has been identified.

Information Disclosure Path Traversal Apple iOS macOS
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43512 HIGH This Week

Local privilege escalation in Apple macOS (Sonoma 14.x, Sequoia 15.x, Tahoe 26.x) and iOS/iPadOS 18.x allows authenticated users to gain elevated system privileges through malicious applications exploiting a logic flaw in privilege checking mechanisms. Apple has released patches across all affected platforms (iOS 18.7.3, iPadOS 18.7.3, macOS Sequoia 15.7.3, Sonoma 14.8.3, Tahoe 26.2). No public exploit identified at time of analysis, with EPSS score of 0.01% (3rd percentile) indicating minimal observed exploitation activity.

Privilege Escalation Apple iOS macOS
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43511 MEDIUM PATCH This Month

Use-after-free memory corruption in Apple WebKit allows remote attackers to crash Safari and iOS/iPadOS applications via maliciously crafted web content, resulting in denial of service. The vulnerability affects Safari 26.2, iOS 18.7.2 and 26.2, iPadOS 18.7.2 and 26.2, macOS Tahoe 26.2, visionOS 26.2, and watchOS 26.2. No public exploit code has been identified, and the vulnerability is not confirmed as actively exploited; however, the network-accessible attack vector and low complexity make it a moderate priority despite the low EPSS score.

Denial Of Service Use After Free Apple iOS macOS +5
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43494 HIGH This Week

Mail header parsing flaw in Apple operating systems allows unauthenticated remote attackers to trigger persistent denial-of-service conditions across iOS, iPadOS, macOS, visionOS, and watchOS platforms. The vulnerability affects all major Apple OS releases prior to January 2025 patches (iOS/iPadOS 18.7.2/26.1, macOS Sequoia 15.7.2/Sonoma 14.8.2/Tahoe 26.1, visionOS 26.1, watchOS 26.1). With EPSS exploitation probability at 0.19% (41st percentile) and no public exploit identified at time of analysis, real-world risk appears moderate despite the 7.5 CVSS score.

Denial Of Service Apple iOS macOS Ipados +3
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-62223 MEDIUM PATCH This Month

User interface (UI) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.

Authentication Bypass Apple iOS Microsoft Edge Chromium
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-66555 HIGH POC This Week

AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control.

Authentication Bypass Apple iOS
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-55179 MEDIUM This Month

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Information Disclosure Apple iOS Whatsapp Whatsapp Business
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-60022 LOW Monitor

Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.

Information Disclosure Apple iOS
NVD
CVSS 4.0
2.3
EPSS
0.0%
CVE-2024-9126 HIGH POC This Month

Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required. Public exploit code is available and no vendor patch is available.

Denial Of Service Chrome Google Use After Free Memory Corruption +2
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-13983 MEDIUM POC This Month

Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available and no vendor patch is available.

Chrome Google Apple iOS Open Redirect
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-27918 CRITICAL POC Act Now

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available and no vendor patch is available.

Windows Buffer Overflow Google Integer Overflow Apple +5
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-27917 HIGH POC This Month

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available and no vendor patch is available.

Windows Denial Of Service Deserialization Google Null Pointer Dereference +6
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-43418 MEDIUM Monitor

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 4.6), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Authentication Bypass Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-43495 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Information Disclosure Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-43460 MEDIUM Monitor

A logic issue was addressed with improved checks. Rated medium severity (CVSS 4.6), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Information Disclosure Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-43454 HIGH This Month

This issue was addressed through improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.

Authentication Bypass Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43452 MEDIUM Monitor

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 4.6), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Information Disclosure Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-43450 HIGH This Month

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.

Authentication Bypass Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43449 HIGH This Month

The issue was addressed with improved handling of caches. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.

Information Disclosure Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43442 LOW Monitor

A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 3.3), this vulnerability has low attack complexity. No vendor patch available.

Privilege Escalation Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43439 MEDIUM This Month

A privacy issue was addressed by removing sensitive data. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. No vendor patch available.

Information Disclosure Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43422 MEDIUM Monitor

The issue was addressed by adding additional logic. Rated medium severity (CVSS 4.6), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Information Disclosure Apple iOS Ipados Iphone Os
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-43399 HIGH This Month

This issue was addressed with improved redaction of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.

Information Disclosure Apple iOS macOS
NVD
CVSS 3.1
7.5
EPSS
0.1%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Apple's iOS, iPadOS, macOS, tvOS, and watchOS contain a use-after-free vulnerability that could allow a local attacker to corrupt kernel memory or cause unexpected system crashes. An installed application can trigger this memory corruption flaw through user interaction, potentially leading to denial of service or unauthorized kernel-level modifications. No patch is currently available for this vulnerability (CVSS 7.1).

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

A path handling vulnerability in iOS and iPadOS allows users with physical access to an iOS device to bypass Activation Lock through validation gaps in path handling logic. This authentication bypass affects iOS versions prior to 18.7.7 and 26.2, as well as corresponding iPadOS releases. While no CVSS score or EPSS data is publicly available, the physical access requirement and authentication bypass nature indicate a meaningful risk to device security and stolen device protection.

Authentication Bypass Apple iOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A logging issue in Apple's operating systems allows improper data redaction, potentially enabling applications to disclose kernel memory contents. This information disclosure vulnerability affects iOS and iPadOS (versions prior to 18.7.7 and 26.4), macOS (Sequoia 15.7.5, Sonoma 14.8.5, Tahoe 26.4), visionOS 26.4, and watchOS 26.4. An untrusted application with standard execution privileges could exploit this to read sensitive kernel memory that should have been redacted from logs, potentially exposing cryptographic material, memory addresses useful for ASLR bypass, or other privileged information. No CVSS score, EPSS data, or public proof-of-concept has been disclosed at this time, and this does not appear on the CISA Known Exploited Vulnerabilities (KEV) catalog.

Information Disclosure Apple iOS +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Memory corruption in Apple Safari, iOS, iPadOS, macOS, and visionOS allows remote attackers to crash affected processes by delivering maliciously crafted web content to users. The vulnerability requires user interaction to view the malicious content and does not enable code execution or information disclosure. A patch is currently unavailable for this issue.

Buffer Overflow Memory Corruption Apple +5
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Apple iOS, iPadOS, macOS, tvOS, visionOS, and watchOS are vulnerable to a stack overflow vulnerability that can be triggered by user interaction with a malicious app, potentially causing denial-of-service conditions. The vulnerability stems from insufficient input validation and affects multiple recent OS versions across Apple's product ecosystem. While no patch is currently available, users should exercise caution when installing apps from untrusted sources.

Buffer Overflow Apple iOS +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

This vulnerability allows attackers to bypass Content Security Policy (CSP) enforcement in Apple's WebKit engine through maliciously crafted web content, affecting Safari and all Apple platforms including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability stems from improper state management during web content processing, enabling attackers to circumvent a critical security control that prevents injection attacks and unauthorized script execution. While no CVSS score or EPSS data is currently available, the broad platform impact across Apple's entire ecosystem and the fundamental nature of CSP bypass as an information disclosure vector indicate significant real-world risk.

Information Disclosure Apple iOS +4
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Denial-of-service attacks against multiple Apple platforms (iOS, iPadOS, macOS, tvOS, visionOS, and watchOS) result from improper null pointer handling that allows attackers in privileged network positions to crash affected systems. An attacker exploiting this CWE-476 vulnerability can render devices unavailable without user interaction. No patch is currently available, requiring users to apply mitigations until updates are released.

Denial Of Service Null Pointer Dereference Apple +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An input validation flaw in iOS and iPadOS allows malicious applications to bypass security controls and access sensitive user data without proper authorization. The vulnerability affects iOS and iPadOS versions prior to 26.3, where insufficient input validation in an unspecified component permits unauthorized data disclosure. Apple has patched this vulnerability in iOS 26.3 and iPadOS 26.3, and there are no public indicators of active exploitation or proof-of-concept availability.

Information Disclosure Apple iOS
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Maliciously crafted media files can trigger an out-of-bounds memory access in Apple's audio processing and crash affected applications across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. An attacker can cause a denial of service with a specially crafted audio stream, though no patch is currently available. This impacts multiple recent OS versions where an out-of-bounds read occurs during media file processing.

Buffer Overflow Information Disclosure Apple +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Improper state management in Apple's authentication mechanisms across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows attackers positioned on a network to intercept and potentially manipulate encrypted traffic. An attacker with privileged network access can exploit this vulnerability to conduct man-in-the-middle attacks without user interaction, compromising the confidentiality of communications. No patch is currently available for this high-severity flaw.

Authentication Bypass Apple iOS +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unpatched denial-of-service vulnerability in Apple iOS and iPadOS allows unauthenticated remote attackers to crash applications due to insufficient input validation. The vulnerability requires no user interaction and affects all versions prior to 26.4, with no security patch currently available.

Denial Of Service Apple iOS
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Insufficient bounds checking in Apple iOS and iPadOS 26.4 allows unauthenticated remote attackers to trigger buffer overflow conditions that corrupt kernel memory or cause system crashes without user interaction. This critical vulnerability affects all devices running the affected OS versions and has no available patch. An attacker can exploit this flaw over the network to achieve denial of service or potentially escalate privileges through kernel memory corruption.

Buffer Overflow Apple iOS
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A sandbox escape vulnerability in Apple's WebKit browser engine allows malicious websites to process restricted web content outside the security sandbox, potentially enabling unauthorized access to protected system resources. The vulnerability affects Safari and all Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Apple has addressed this issue through improved memory handling in Safari 26.4 and corresponding OS updates across all affected platforms.

Buffer Overflow Information Disclosure Apple +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

iOS and iPadOS devices are vulnerable to denial-of-service attacks due to insufficient buffer bounds checking that allows remote attackers to crash affected systems without authentication. The vulnerability affects iOS 26.4 and earlier versions, requiring network access but no user interaction. No patch is currently available for this HIGH severity issue.

Buffer Overflow Apple iOS
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Type confusion in Apple's iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows local attackers to trigger unexpected application termination through memory corruption. The vulnerability affects multiple OS versions and currently lacks a publicly available patch. An attacker with local access can exploit this to cause denial of service by crashing targeted applications.

Information Disclosure Memory Corruption Apple +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A permissions enforcement vulnerability in Apple's operating systems allows applications to bypass access controls and read protected user data without proper authorization. The issue affects iOS and iPadOS versions prior to 26.3, and macOS Tahoe prior to 26.3. An attacker with a malicious app could exploit insufficient permission restrictions to access sensitive user information such as contacts, location data, photos, or other protected resources that should require explicit user consent.

Authentication Bypass Apple iOS +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Apple's iOS, iPadOS, macOS, tvOS, visionOS, and watchOS contain a use-after-free vulnerability that could allow remote attackers to crash affected applications by processing maliciously crafted web content. The vulnerability stems from improper memory management and requires user interaction to exploit. No patch is currently available, leaving users vulnerable until official updates are released.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A permissions enforcement vulnerability in Apple operating systems allows unauthorized enumeration of installed applications on a user's device. This information disclosure issue affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, macOS Tahoe 26.4 and earlier, and visionOS 26.4 and earlier. An attacker with the ability to execute code as an installed application could enumerate the complete list of user-installed applications without explicit user permission, enabling targeted attacks, privacy violations, and device profiling.

Authentication Bypass Apple iOS +1
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

This vulnerability allows an attacker with physical access to a locked Apple device to view sensitive user information through an authentication bypass. The issue affects iOS and iPadOS versions prior to 26.4, visionOS prior to 26.4, and watchOS prior to 26.4 across all affected device lines. Apple has patched this through improved authentication mechanisms, and while no CVSS score, EPSS data, or known exploits-in-the-wild status are publicly disclosed, the physical access requirement and information disclosure impact characterize this as a moderate-priority security update for users in environments with theft or unauthorized device access risks.

Authentication Bypass Apple iOS
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

A bypass vulnerability exists in iOS and iPadOS Stolen Device Protection that allows an attacker with physical access to an iOS device to circumvent biometric authentication and access protected apps using only the device passcode. This vulnerability affects devices running iOS and iPadOS versions prior to 26.4, where Stolen Device Protection is enabled. An attacker gaining physical possession of a locked device can exploit this flaw to access biometrics-gated Protected Apps, effectively defeating the intended security mechanism that requires biometric verification (Face ID or Touch ID) in addition to the passcode for sensitive app access.

Authentication Bypass Apple iOS
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Denial of service in Apple iOS, iPadOS, and macOS due to a use-after-free memory corruption vulnerability allows local attackers to trigger unexpected system termination. The flaw affects multiple Apple platforms including iOS 18.x, macOS Sequoia, Sonoma, and Tahoe versions. No patch is currently available.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Improper path validation in Apple's operating systems (iOS, iPadOS, macOS, and visionOS) allows applications to bypass directory access restrictions and read sensitive user data without user interaction. An attacker with a malicious app could exploit this parsing weakness to access confidential information across affected Apple devices. No patch is currently available, though Apple has released fixed versions across its product line.

Authentication Bypass Apple iOS +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

This vulnerability involves improper handling of symbolic links in Apple operating systems that could allow an application to access user-sensitive data without proper authorization. The flaw affects iOS and iPadOS versions prior to 26.3, macOS Sequoia versions prior to 15.7.4, macOS Sonoma versions prior to 14.8.4, and macOS Tahoe versions prior to 26.3 and 26.4. An attacker with the ability to execute code in a sandboxed application context could potentially bypass security restrictions to access protected user information, though no active exploitation in the wild has been confirmed at this time.

Information Disclosure Apple iOS +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

This vulnerability is a memory handling flaw in Apple's operating systems (iOS, iPadOS, macOS, tvOS, visionOS, and watchOS) that allows a malicious application to trigger unexpected system termination or corrupt kernel memory. The vulnerability affects all versions prior to the version 26.4 releases across Apple's entire ecosystem. An attacker can exploit this by crafting a malicious app that triggers improper memory handling, potentially leading to denial of service or privilege escalation through kernel memory corruption.

Buffer Overflow Memory Corruption Apple +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote attackers can trigger denial-of-service conditions against multiple Apple operating systems (iOS, iPadOS, macOS variants) through network requests that bypass insufficient input validation. The vulnerability affects iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.4 and earlier, macOS Sonoma 14.8.4 and earlier, and macOS Tahoe 26.3 and earlier. No patch is currently available for this high-severity vulnerability with a 7.5 CVSS score.

Information Disclosure Apple iOS +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

This vulnerability affects Apple's Safari browser and related Apple operating systems (iOS, iPadOS, macOS Tahoe, and visionOS) due to improper memory handling when processing maliciously crafted web content. The flaw can lead to unexpected process crashes, resulting in a denial of service condition affecting all users of the impacted Safari versions and OS versions below 26.4. While no CVSS score or EPSS data is currently published, the vulnerability has been patched by Apple, suggesting it was discovered through internal security review or responsible disclosure rather than active exploitation.

Buffer Overflow Information Disclosure Apple +5
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

A symlink validation vulnerability in Apple's iOS, iPadOS, and macOS operating systems allows malicious applications to bypass file system protections and access sensitive user data through improper handling of symbolic links. The vulnerability affects iOS 18.7.7 and earlier, iPadOS 18.7.7 and earlier, iOS 26.4 and earlier, iPadOS 26.4 and earlier, macOS Sequoia 15.7.5 and earlier, macOS Sonoma 14.8.5 and earlier, and macOS Tahoe 26.4 and earlier. An attacker with the ability to install or execute an application on the affected system could leverage this weakness to read restricted files and access private user information without proper authorization.

Information Disclosure Apple iOS +1
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Sandbox escape vulnerability in Apple iOS, iPadOS, macOS, and visionOS allows local attackers to break out of application sandboxes through improper path validation, potentially enabling unauthorized access to system resources and data. An attacker with local access could leverage this flaw to execute arbitrary operations outside application boundaries and bypass security restrictions. No patch is currently available for this critical vulnerability affecting multiple Apple platforms.

Path Traversal Apple iOS +1
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

A kernel state information disclosure vulnerability exists across Apple's entire platform ecosystem that allows a malicious application to leak sensitive kernel memory without requiring elevated privileges. The vulnerability affects iOS and iPadOS versions prior to 18.7.7 and 26.4, macOS Sequoia prior to 15.7.5, macOS Tahoe 26.4, and tvOS, visionOS, and watchOS 26.4. An attacker can craft a specially designed app that exploits improper authentication mechanisms to access protected kernel state, potentially exposing cryptographic keys, memory addresses, or other sensitive operating system internals that could be chained with other vulnerabilities.

Information Disclosure Apple iOS +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A privacy vulnerability in Apple's Mail application allows the "Hide IP Address" and "Block All Remote Content" user preferences to fail inconsistently across certain mail content, potentially exposing user IP addresses and loading remote content despite explicit user configuration. This affects iOS, iPadOS, and multiple macOS versions. While no CVSS score or EPSS data is currently available and there is no indication of active exploitation in the wild (KEV status not listed), the vulnerability represents a direct circumvention of privacy controls that users explicitly enable to protect their identity and security posture.

Information Disclosure Apple iOS +1
NVD VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

A man-in-the-middle vulnerability in Cryptomator for iOS versions prior to 2.8.3 allows attackers who can modify the vault.cryptomator configuration file to intercept authentication tokens by substituting malicious API endpoints while maintaining legitimate authentication endpoints. This affects users unlocking Hub-backed vaults in environments where attackers have write access to vault configuration files. No evidence of active exploitation (not in CISA KEV) has been reported, and patches are available.

Information Disclosure Apple iOS +1
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A denial of service vulnerability in A cross-origin (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Apple iOS +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. [CVSS 8.8 HIGH]

Buffer Overflow Memory Corruption Apple +3
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unsafe navigation in Navigation in Google Chrome on iOS versions up to 146.0.7680.71 contains a security vulnerability.

Authentication Bypass Chrome Google +4
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Arbitrary code execution in Jellyfin iOS GitHub Actions workflow. CVSS 10.0.

Privilege Escalation RCE Apple +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

OpenClaw's mDNS/Bonjour discovery beacons transmit unauthenticated TXT records that iOS, macOS, and Android clients treat as authoritative for routing and TLS certificate pinning, allowing an attacker on a shared LAN to advertise a rogue service and redirect connections to attacker-controlled endpoints. An attacker can exploit this to bypass TLS pinning validation and potentially capture Gateway credentials through man-in-the-middle attacks. The vulnerability affects OpenClaw versions prior to 2026.2.14 and requires network proximity but no user interaction.

TLS Apple iOS +4
NVD GitHub
EPSS 0% 4.6 CVSS 7.8
HIGH POC KEV THREAT Act Now

Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CVE-2026-20700, CVSS 7.8) that allows attackers with memory write capability to execute arbitrary code at the kernel level. KEV-listed with Apple confirming reports of sophisticated in-the-wild exploitation, this represents an active zero-day targeting the Apple ecosystem at its most fundamental security boundary.

RCE Buffer Overflow Apple +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Deleted notes on affected Apple iOS and iPadOS devices remain accessible due to improper state management, allowing unauthenticated remote attackers to discover sensitive deleted content without user interaction. This information disclosure vulnerability affects iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5, with no patch currently available for earlier versions.

Information Disclosure Apple iOS
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

iOS and iPadOS devices expose sensitive user information to attackers with physical access to locked devices due to improper data handling in the system. The vulnerability allows unauthorized viewing of confidential information without requiring authentication or user interaction. Apple patched this information disclosure flaw in iOS 26.3 and iPadOS 26.3.

Apple iOS Ipados +1
NVD
EPSS 0% CVSS 2.4
LOW Monitor

An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. [CVSS 2.4 LOW]

Apple iOS
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

iPhone Mirroring in iOS and iPadOS allows an attacker with physical device access to bypass UI protections and capture screenshots containing sensitive information that should remain hidden during the mirroring session. The vulnerability stems from insufficient state management in the user interface, enabling unauthorized viewing of private data on the iPhone while it is being mirrored to a Mac. No patch is currently available for this medium-severity issue.

Apple iOS Ipados +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. [CVSS 5.5 MEDIUM]

Apple iOS Ipados +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. [CVSS 5.5 MEDIUM]

XSS iOS
NVD GitHub
EPSS 0%
Monitor

data exposed depends on the last application view displayed versions up to 4.71.0 contains a security vulnerability.

Information Disclosure iOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. [CVSS 5.5 MEDIUM]

Buffer Overflow Information Disclosure Apple +2
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. [CVSS 3.3 LOW]

Apple iOS
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. [CVSS 5.3 MEDIUM]

Apple iOS Ipados +1
NVD
EPSS 0% CVSS 2.4
LOW Monitor

This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. [CVSS 2.4 LOW]

Apple iOS
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. [CVSS 4.3 MEDIUM]

Apple iOS Ipados +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Local authenticated applications on iOS and iPadOS can access user-sensitive data due to insufficient entitlement checks, affecting iOS 18.7.2 and earlier and iPadOS 18.7.2 and earlier (as well as iOS 26.1 and iPadOS 26.1 and earlier). An attacker with app installation capability can exploit this vulnerability to bypass privacy controls and exfiltrate protected user information. No public exploit identified at time of analysis, though the 5.5 CVSS score and information disclosure classification indicate moderate real-world risk in targeted attack scenarios.

Information Disclosure Apple iOS +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Local privilege escalation in Apple operating systems (iOS, iPadOS, macOS Tahoe, visionOS, watchOS) allows authenticated applications to bypass payment token access restrictions and obtain sensitive payment credentials. The vulnerability affects all versions prior to the 26.2 release across affected platforms. CVSS 5.5 with low real-world exploitation risk (EPSS 0.01%), no public exploit identified, not listed in CISA KEV.

Privilege Escalation Information Disclosure Apple +5
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Installed app enumeration via permissions bypass in Apple operating systems allows a locally authenticated app to discover what other applications a user has installed through insufficient access controls. Affects iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, macOS Tahoe 26.1 and earlier, tvOS 26.1 and earlier, visionOS 26.1 and earlier, and watchOS 26.1 and earlier. The vulnerability has a low CVSS score (3.3) with extremely low exploitation probability (EPSS 0.02%) and no public exploit identified at time of analysis.

Information Disclosure Apple iOS +5
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Local apps on Apple devices can access a user's Safari browsing history due to insufficient data redaction in system logging, affecting iOS, iPadOS, macOS Tahoe, and watchOS prior to version 26.2. An attacker with local app execution privileges can extract sensitive Safari history from system logs without user interaction. This vulnerability carries a 3.3 CVSS score with minimal real-world exploitation probability (EPSS 0.01%) and no known public exploits.

Information Disclosure Apple iOS +4
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Use-after-free memory corruption in Apple's WebKit rendering engine allows remote attackers to crash Safari and iOS/iPadOS applications by processing maliciously crafted web content, requiring only user interaction (page visit) and no authentication. The vulnerability affects Safari 26.2, iOS 18.7.3 and iOS 26.2, iPadOS 18.7.3 and iPadOS 26.2, and macOS Tahoe 26.2 and earlier versions. With an EPSS score of 0.06% and no public exploit confirmed, this represents a low real-world exploitation priority despite the moderate CVSS 4.3 severity rating, with impact limited to denial of service through process termination.

Denial Of Service Use After Free Apple +7
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Safari and Apple operating systems contain a race condition that crashes the rendering process when processing maliciously crafted web content, affecting Safari 26.2 and earlier, iOS 18.7.3 and earlier, iPadOS 18.7.3 and earlier, macOS Tahoe 26.2 and earlier, tvOS 26.2 and earlier, visionOS 26.2 and earlier, and watchOS 26.2 and earlier. The vulnerability requires user interaction (clicking a malicious link or visiting a hostile website) and has high attack complexity, resulting in denial of service through process crash rather than data compromise. No public exploit code has been identified, EPSS exploitation probability is very low at 0.12%, and Apple has released patched versions across all affected platforms.

Denial Of Service Apple iOS +8
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated access to Hidden Photos Album in Apple iOS, iPadOS, macOS, and visionOS allows remote attackers to view protected photos without authentication due to a configuration flaw. Fixed in iOS/iPadOS 26.2, macOS Tahoe 26.2, and visionOS 26.2. CVSS 9.8 (Critical) reflects network-based unauthenticated access, though EPSS of 0.13% (32nd percentile) suggests low observed exploitation probability. No public exploit identified at time of analysis, and not listed in CISA KEV. This represents a privacy-critical authentication bypass affecting Apple's Photos app across all major platforms.

Authentication Bypass Information Disclosure Apple +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

FaceTime caller ID spoofing vulnerability in Apple operating systems allows remote attackers to spoof their caller identity due to inconsistent user interface state management. Affected versions include iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, macOS Sequoia 15.7.2 and earlier, macOS Sonoma 14.8.2 and earlier, macOS Tahoe 26.1 and earlier, visionOS 26.1 and earlier, and watchOS 26.1 and earlier. The vulnerability requires no user interaction or authentication and carries low real-world exploitation risk (EPSS 0.07%, percentile 21%), with no public exploit code or active exploitation confirmed.

Authentication Bypass Apple iOS +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation to root on Apple platforms via integer overflow in timestamp handling allows authenticated users with low-level access to fully compromise system integrity and confidentiality. Affects iOS, iPadOS, macOS (Sequoia, Sonoma, Tahoe), tvOS, visionOS, and watchOS prior to February 2025 security updates. Vendor-released patches available across all platforms. EPSS probability is minimal (0.02%, 4th percentile), and no public exploit identified at time of analysis, though the local attack vector with low complexity and authenticated requirement reduces remote exploitation risk but creates insider threat exposure.

Privilege Escalation Integer Overflow Apple +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Local apps can access sensitive user data due to insufficient privacy controls in Apple operating systems across iOS, iPadOS, macOS, visionOS, and watchOS. The vulnerability requires local network access and an authenticated user session (PR:L), limiting exposure to installed applications with explicit permissions. Confirmed patches are available across all affected platforms, and exploitation probability is very low (EPSS 0.02%), indicating this is a privacy-boundary issue rather than a critical security flaw.

Information Disclosure Apple iOS
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Password field disclosure in Apple operating systems allows remote observation of credentials during FaceTime screen sharing sessions. Affects iOS/iPadOS 18.x through 18.7.2, iOS/iPadOS 26.0-26.1, macOS Sequoia through 15.7.2, macOS Tahoe through 26.1, and visionOS through 26.1. Attackers with network access to FaceTime sessions can view password fields that should be masked, creating credential exposure risk during remote support or collaboration scenarios. EPSS score of 0.03% (10th percentile) indicates low automated exploitation probability, and no public exploit identified at time of analysis.

Information Disclosure Apple iOS
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Memory corruption via out-of-bounds write in Apple operating systems allows remote attackers to execute arbitrary code when victims process a malicious file. The vulnerability affects macOS (Sonoma 14.x, Sequoia 15.x, Tahoe 26.x), iOS/iPadOS (18.x, 26.x), tvOS, visionOS, and watchOS 26.x. Despite a high CVSS score of 8.8, EPSS data indicates only 0.05% exploitation probability (15th percentile), and no public exploit code or active exploitation is confirmed. The flaw stems from inadequate bounds checking (CWE-787) in file processing routines, requiring user interaction but no authentication, making it a realistic phishing or malicious download target.

Memory Corruption Apple iOS +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Local apps can access sensitive user data through inadequate log redaction in Apple's operating systems, affecting iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, iOS 26.1 and earlier, iPadOS 26.1 and earlier, macOS Sonoma 14.8.2 and earlier, macOS Tahoe 26.1 and earlier, visionOS 26.1 and earlier, and watchOS 26.1 and earlier. The vulnerability requires local app execution with limited user privileges but no interaction, resulting in unauthorized read access to sensitive data stored in application logs. While EPSS probability is minimal (0.01%), the local attack vector and high confidentiality impact warrant patching in environments where untrusted apps may be installed.

Information Disclosure Apple iOS
NVD
EPSS 0% CVSS 2.8
LOW Monitor

Memory corruption in Apple operating systems due to insufficient bounds checking allows local authenticated users to cause denial of service through malicious data processing, affecting iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability requires local access and user interaction, with no public exploit identified; EPSS score of 0.02% indicates minimal real-world exploitation probability despite the assigned CVSS score of 2.8.

Denial Of Service Memory Corruption Apple +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Local apps on Apple macOS and iPadOS can access sensitive user data through inadequate information disclosure controls, requiring local execution and low-level user privileges. Affected versions include iOS 18.7.2 and earlier, iPadOS 18.7.2 and earlier, macOS Sequoia 15.7.2 and earlier, macOS Sonoma 14.8.2 and earlier, and macOS Tahoe 26.1 and earlier. Apple has released patched versions (iOS 18.7.3, iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2) with improved access controls to restrict unauthorized data exposure. With an EPSS score of 0.02% (4th percentile) and no public exploit code identified at time of analysis, this represents a low real-world exploitation probability despite the moderate CVSS score.

Information Disclosure Apple iOS
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Local privilege escalation in Apple's spellcheck API allows authenticated users to inappropriately access files on macOS, iOS, and related platforms through a logic flaw in access controls. Affected versions include macOS Sonoma 14.x and earlier, macOS Sequoia 15.7.2 and earlier, iOS 18.x and earlier, iPadOS 18.x and earlier, and watchOS 11.x and earlier. This vulnerability requires local access and user-level privileges but carries a low EPSS score (0.01%, percentile 3%) indicating minimal real-world exploitation likelihood at present. No public exploit code or active exploitation has been identified.

Information Disclosure Path Traversal Apple +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Apple macOS (Sonoma 14.x, Sequoia 15.x, Tahoe 26.x) and iOS/iPadOS 18.x allows authenticated users to gain elevated system privileges through malicious applications exploiting a logic flaw in privilege checking mechanisms. Apple has released patches across all affected platforms (iOS 18.7.3, iPadOS 18.7.3, macOS Sequoia 15.7.3, Sonoma 14.8.3, Tahoe 26.2). No public exploit identified at time of analysis, with EPSS score of 0.01% (3rd percentile) indicating minimal observed exploitation activity.

Privilege Escalation Apple iOS +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Use-after-free memory corruption in Apple WebKit allows remote attackers to crash Safari and iOS/iPadOS applications via maliciously crafted web content, resulting in denial of service. The vulnerability affects Safari 26.2, iOS 18.7.2 and 26.2, iPadOS 18.7.2 and 26.2, macOS Tahoe 26.2, visionOS 26.2, and watchOS 26.2. No public exploit code has been identified, and the vulnerability is not confirmed as actively exploited; however, the network-accessible attack vector and low complexity make it a moderate priority despite the low EPSS score.

Denial Of Service Use After Free Apple +7
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Mail header parsing flaw in Apple operating systems allows unauthenticated remote attackers to trigger persistent denial-of-service conditions across iOS, iPadOS, macOS, visionOS, and watchOS platforms. The vulnerability affects all major Apple OS releases prior to January 2025 patches (iOS/iPadOS 18.7.2/26.1, macOS Sequoia 15.7.2/Sonoma 14.8.2/Tahoe 26.1, visionOS 26.1, watchOS 26.1). With EPSS exploitation probability at 0.19% (41st percentile) and no public exploit identified at time of analysis, real-world risk appears moderate despite the 7.5 CVSS score.

Denial Of Service Apple iOS +5
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

User interface (UI) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.

Authentication Bypass Apple iOS +2
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control.

Authentication Bypass Apple iOS
NVD Exploit-DB
EPSS 0% CVSS 5.4
MEDIUM This Month

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Information Disclosure Apple iOS +2
NVD
EPSS 0% CVSS 2.3
LOW Monitor

Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.

Information Disclosure Apple iOS
NVD
EPSS 0% CVSS 7.5
HIGH POC This Month

Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required. Public exploit code is available and no vendor patch is available.

Denial Of Service Chrome Google +4
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available and no vendor patch is available.

Chrome Google Apple +2
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available and no vendor patch is available.

Windows Buffer Overflow Google +7
NVD
EPSS 1% CVSS 7.5
HIGH POC This Month

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available and no vendor patch is available.

Windows Denial Of Service Deserialization +8
NVD
EPSS 0% CVSS 4.6
MEDIUM Monitor

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 4.6), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Authentication Bypass Apple iOS +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Information Disclosure Apple iOS +2
NVD
EPSS 0% CVSS 4.6
MEDIUM Monitor

A logic issue was addressed with improved checks. Rated medium severity (CVSS 4.6), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Information Disclosure Apple iOS +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

This issue was addressed through improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.

Authentication Bypass Apple iOS +2
NVD
EPSS 0% CVSS 4.6
MEDIUM Monitor

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 4.6), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Information Disclosure Apple iOS +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.

Authentication Bypass Apple iOS +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

The issue was addressed with improved handling of caches. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.

Information Disclosure Apple iOS +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 3.3), this vulnerability has low attack complexity. No vendor patch available.

Privilege Escalation Apple iOS +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A privacy issue was addressed by removing sensitive data. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. No vendor patch available.

Information Disclosure Apple iOS +2
NVD
EPSS 0% CVSS 4.6
MEDIUM Monitor

The issue was addressed by adding additional logic. Rated medium severity (CVSS 4.6), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Information Disclosure Apple iOS +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

This issue was addressed with improved redaction of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.

Information Disclosure Apple iOS +1
NVD